CWE-926 — Vulnerability Class 73

73 vulnerabilities classified as CWE-926. AI Chinese analysis included.

CWE-926 represents a critical configuration weakness where Android application components, such as activities, services, or broadcast receivers, are exported without adequate access restrictions. This flaw allows any other application on the device to interact with the component, potentially launching it or accessing sensitive data it contains. Attackers typically exploit this by crafting malicious intents to trigger exported components, thereby bypassing intended security boundaries to execute unauthorized actions or steal private information. To prevent this vulnerability, developers must explicitly define the `android:exported` attribute in the AndroidManifest.xml file, setting it to false for components that do not need to be accessible externally. Furthermore, implementing proper permission checks and intent filters ensures that only trusted applications can interact with these components, maintaining the integrity and confidentiality of the application’s data and functionality.

MITRE CWE Description
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

The attacks and consequences of improperly exporting a component may depend on the exported component:

If access to an exported Activity is not restricted, any application will be able to launch the activity. This may allow a malicious application to gain access to sensitive information, modify the internal state of the application, or trick a user into interacting with the victim application while believing they are still interacting with the malicious application.

If access to an exported Service is not restricted, any application may start and bind to the Service. Depending on the exposed functionality, this may allow a malicious application to perform unauthorized actions, gain access to sensitive information, or corrupt the internal state of the application.

If access to a Content Provider is not restricted to only the expected applications, then malicious applications might be able to access the sensitive data.

Note that in Android before 4.2, the Content Provider is automatically exported unless it has been explicitly declared as NOT exported.

Common Consequences (3)
Scope: Availability, Integrity. Impact: Unexpected State; DoS: Crash, Exit, or Restart; DoS: Instability; Varies by Context.
Other applications, possibly untrusted, can launch the Activity.

Scope: Availability, Integrity. Impact: Unexpected State; Gain Privileges or Assume Identity; DoS: Crash, Exit, or Restart; DoS: Instability; Varies by Context.
Other applications, possibly untrusted, can bind to the Service.

Scope: Confidentiality, Integrity. Impact: Read Application Data; Modify Application Data.
Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.

Mitigations (4)
Phase: Build and Compilation. If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.
Phase: Build and Compilation. If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.
Phase: Build and Compilation, Architecture and Design. Limit Content Provider permissions (read/write) as appropriate.
Examples (2)
This application is exporting an activity and a service in its manifest.xml:
<activity android:name="com.example.vulnerableApp.mainScreen">
    ...
    <intent-filter>
        <action android:name="com.example.vulnerableApp.OPEN_UI" />
        <category android:name="android.intent.category.DEFAULT" />
    </intent-filter>
    ...
</activity>
<service android:name="com.example.vulnerableApp.backgroundService">
    ...
    <intent-filter>
        <action android:name="com.example.vulnerableApp.START_BACKGROUND" />
    </intent-filter>
    ...
</service>
Bad · XML
This application has created a content provider to enable custom search suggestions within the application:
<provider
    android:name="com.example.vulnerableApp.searchDB"
    android:authorities="com.example.vulnerableApp.searchDB">
</provider>
Bad · XML
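
A manifest check for the pattern in both examples, added here as an illustration and not taken from MITRE or any listed product. It assumes a decoded, text-form AndroidManifest.xml; the SYNC permission, the bootReceiver component and the audit_manifest function are hypothetical names. It goes slightly beyond the examples by also resolving the implicit export defaults (an intent filter, or a provider on API levels before 17, i.e. Android before 4.2) and by checking that a guarding permission is declared at signature level.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest, modelled on the two examples above.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="16"/>
  <permission android:name="com.example.vulnerableApp.SYNC"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name="com.example.vulnerableApp.mainScreen">
      <intent-filter><action android:name="com.example.vulnerableApp.OPEN_UI"/></intent-filter>
    </activity>
    <service android:name="com.example.vulnerableApp.backgroundService"
             android:exported="true"
             android:permission="com.example.vulnerableApp.SYNC"/>
    <provider android:name="com.example.vulnerableApp.searchDB"
              android:authorities="com.example.vulnerableApp.searchDB"/>
    <receiver android:name="com.example.vulnerableApp.bootReceiver" android:exported="false"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (tag, name, reason) for exported components with no signature-level guard."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    keys = ("minSdkVersion", "targetSdkVersion")
    api = min(int(sdk.get(A + k, "1")) for k in keys) if sdk is not None else 1
    # Permissions this app declares, mapped to their protection level.
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.iter("permission")}
    findings = []
    for comp in root.iterfind("application/*"):
        if comp.tag not in COMPONENTS:
            continue
        exported = comp.get(A + "exported")
        if exported is None:  # implicit default: old providers, or any intent filter
            exported = str(api < 17 if comp.tag == "provider"
                           else comp.find("intent-filter") is not None).lower()
        if exported != "true":
            continue
        perms = [comp.get(A + a) for a in ("permission", "readPermission", "writePermission")]
        perms = [p for p in perms if p]
        if not perms:
            findings.append((comp.tag, comp.get(A + "name"), "exported without permission"))
        elif not all("signature" in levels.get(p, "") for p in perms):
            findings.append((comp.tag, comp.get(A + "name"), "permission not signature-level"))
    return findings
```

A permission declared by another package cannot be resolved from this manifest alone and is reported as not signature-level, so such findings need manual review. When the manifest comes from an untrusted APK, parse it with a hardened XML parser such as defusedxml instead of the standard library one.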
CVE ID | Title | CVSS | Severity | Published
CVE-2026-3291 | Samsung Print Service Plugin – Potential Information Disclosure — Samsung Print Service Plugin | 4.6 AI | Medium AI | 2026-05-06
CVE-2025-15464 | KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking — Fun Print Mobile | 6.5 | - | 2026-01-08
CVE-2025-14517 | Yalantis uCrop AndroidManifest.xml UCropActivity improper export of android application components — uCrop | 5.3 | Medium | 2025-12-11
CVE-2025-10722 | SKTLab Mukbee App com.dw.android.mukbee AndroidManifest.xml improper export of android application components — Mukbee App | 5.3 | Medium | 2025-09-19
CVE-2025-10721 | Webull Investing & Trading App AndroidManifest.xml improper export of android application components — Investing & Trading App | 5.3 | Medium | 2025-09-19
CVE-2025-10718 | Ooma Office Business Phone App com.ooma.office2 improper export of android application components — Office Business Phone App | 5.3 | Medium | 2025-09-19
CVE-2025-10717 | intsig CamScanner App com.intsig.camscanner AndroidManifest.xml improper export of android application components — CamScanner App | 5.3 | Medium | 2025-09-19
CVE-2025-10716 | Creality Cloud App com.cxsw.sdprinter AndroidManifest.xml improper export of android application components — Cloud App | 5.3 | Medium | 2025-09-19
CVE-2025-10715 | APEUni PTE Exam Practice App com.ape_edication AndroidManifest.xml improper export of android application components — PTE Exam Practice App | 5.3 | Medium | 2025-09-19
CVE-2025-10195 | Seismic App com.seismic.doccenter AndroidManifest.xml improper export of android application components — Seismic App | 5.3 | Medium | 2025-09-10
CVE-2025-5500 | ZhenShi Mibro Fit App com.xiaoxun.xunoversea.mibrofit AndroidManifest.xml improper export of android application components — Mibro Fit App | 5.3 | Medium | 2025-09-09
CVE-2025-9695 | GalleryVault Gallery Vault App com.thinkyeah.galleryvault AndroidManifest.xml improper export of android application components — Gallery Vault App | 5.3 | Medium | 2025-08-30
CVE-2025-9677 | Modo Legend of the Phoenix com.duige.hzw.multilingual AndroidManifest.xml improper export of android application components — Legend of the Phoenix | 5.3 | Medium | 2025-08-29
CVE-2025-9676 | NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components — Universe App | 5.3 | Medium | 2025-08-29
CVE-2025-9675 | Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components — Voice Changer App | 5.3 | Medium | 2025-08-29
CVE-2025-9674 | Transbyte Scooper News App com.hatsune.eagleee AndroidManifest.xml improper export of android application components — Scooper News App | 5.3 | Medium | 2025-08-29
CVE-2025-9673 | Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components — 헤이카카오 Hey Kakao App | 5.3 | Medium | 2025-08-29
CVE-2025-9672 | Rejseplanen App de.hafas.android.rejseplanen AndroidManifest.xml improper export of android application components — Rejseplanen App | 5.3 | Medium | 2025-08-29
CVE-2025-9671 | UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components — Paytend App | 5.3 | Medium | 2025-08-29
CVE-2025-9135 | Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components — SmartRide | 5.3 | Medium | 2025-08-19
CVE-2025-9134 | AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components — Package Tracker App | 5.3 | Medium | 2025-08-19
CVE-2025-9102 | 1&1 Mail & Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components — mail.com App | 5.3 | Medium | 2025-08-18
CVE-2025-9098 | Elseplus File Recovery App AndroidManifest.xml improper export of android application components — File Recovery App | 5.3 | Medium | 2025-08-18
CVE-2025-9097 | Euro Information CIC banque et compte en ligne App com.cic_prod.bad AndroidManifest.xml improper export of android application components — CIC banque et compte en ligne App | 5.3 | Medium | 2025-08-18
CVE-2025-9093 | BuzzFeed App com.buzzfeed.android AndroidManifest.xml improper export of android application components — BuzzFeed App | 5.3 | Medium | 2025-08-17
CVE-2025-8745 | Weee RICEPO App com.ricepo.app AndroidManifest.xml improper export of android application components — RICEPO App | 5.3 | Medium | 2025-08-09
CVE-2025-8707 | Huuge Box App com.huuge.game.zjbox AndroidManifest.xml improper export of android application components — Box App | 5.3 | Medium | 2025-08-08
CVE-2025-8524 | Boquan DotWallet App com.boquanhash.dotwallet AndroidManifest.xml improper export of android application components — DotWallet App | 5.3 | Medium | 2025-08-04
CVE-2025-8523 | RiderLike Fruit Crush-Brain App com.fruitcrush.fun AndroidManifest.xml improper export of android application components — Fruit Crush-Brain App | 5.3 | Medium | 2025-08-04
CVE-2025-8513 | Caixin News App com.caixin.news AndroidManifest.xml improper export of android application components — News App | 5.3 | Medium | 2025-08-03

73 CVEs are classified as CWE-926. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.