What is CVE-2024-26132?

CVE-2024-26132 is a medium-severity vulnerability in Element-hq Element-android, classified under Information Disclosure. CVSS score: 4.0/10. Published 2024-02-20.

How severe is CVE-2024-26132?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Is CVE-2024-26132 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Element-hq Element-android

CVE-2024-26132

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's p…

Vulnerability class: Information Disclosure

EPSS: 0.003 (51.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Element-hq Element-android — versions >= 0.91.0, < 1.6.12

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4 (x_refsource_CONFIRM)
https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07 (x_refsource_MISC)
https://element.io/blog/security-release-element-android-1-6-12 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-26132?: CVE-2024-26132 is a medium-severity vulnerability in Element-hq Element-android, classified under Information Disclosure. CVSS score: 4.0/10. Published 2024-02-20.
How severe is CVE-2024-26132?: Medium severity. CVSS v3 base score is 4.0 out of 10.
Is CVE-2024-26132 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.