Aliasvault

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-26266 CRITICAL PATCH Act Now

Stored XSS in AliasVault password manager. Patch available.

XSS Aliasvault
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-22694 MEDIUM PATCH This Month

Incomplete validation of passkey requests in AliasVault Android versions 0.24.0-0.25.2 allows a locally installed malicious application to obtain passkey responses for unauthorized websites by bypassing checks on calling app identity, origin, and RP ID. An attacker with local access could leverage this to gain unauthorized access to user accounts on targeted services. The vulnerability has been patched in version 0.25.3.

Android Aliasvault
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-26266
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Stored XSS in AliasVault password manager. Patch available.

XSS Aliasvault
NVD GitHub
CVE-2026-22694
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Incomplete validation of passkey requests in AliasVault Android versions 0.24.0-0.25.2 allows a locally installed malicious application to obtain passkey responses for unauthorized websites by bypassing checks on calling app identity, origin, and RP ID. An attacker with local access could leverage this to gain unauthorized access to user accounts on targeted services. The vulnerability has been patched in version 0.25.3.

Android Aliasvault
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy