EUVD-2026-32901
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
GHSA-frf3-pwqj-2qf5
5.3
CVSS 4.0
Share
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X
Lifecycle Timeline
2
Patch available
May 28, 2026 - 15:01 EUVD
Analysis Generated
May 28, 2026 - 14:32 vuln.today
DescriptionNVD
A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification.
This issue was fixed in version 4.4.3
AnalysisAI
Authentication bypass in the Kidsview mobile application allows a person with physical access to a smartphone to gain full, unauthorized access to the device owner's account by interacting with the app's push notifications, entirely circumventing the normal login flow. Affected versions are those prior to 4.4.3, as confirmed by the vendor fix. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).