CVE-2024-26131

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Feb 29, 2024

CWE ID 940

CWE ID 923

Summary

CVE-2024-26131 is a vulnerability affecting Element Android, an Android Matrix Client. Versions 1.4.3 to 1.6.10 are at risk of intent redirection, enabling malicious apps to initiate internal activities with additional parameters. This issue potentially allows attackers to display arbitrary web pages, execute JavaScript, bypass PIN code protection, and even facilitate account takeover by launching a login screen to steal credentials. The vulnerability is resolved in Element Android 1.6.12, and no known workarounds are available to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uhK-LN
https://www.cve.org/CVERecord?id=CVE-2024-26131
https://nvd.nist.gov/vuln/detail/CVE-2024-26131

Back to Vulnerability Database

CVE-2024-26131

CVSS 3.1 Score 8.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations