What is CVE-2026-2974?

CVE-2026-2974 is a low-severity vulnerability in Aliasvault, classified under Improper Authorization. CVSS score: 2.5/10. Published 2026-02-23.

How severe is CVE-2026-2974?

Low severity. CVSS v3 base score is 2.5 out of 10.

Auth bypass in Aliasvault

CVE-2026-2974

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/ref…

EPSS: 0.000 (1.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.5 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Aliasvault
N/a Aliasvault App — versions 0.25.0, 0.25.1, 0.25.2

Weakness classification (CWE)

References

VDB-347340 | AliasVault App Backup aliasvault.xml backup (technical-description, Third Party Advisory, VDB Entry, vdb-entry)
VDB-347340 | CTI Indicators (IOB, IOC, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #756058 | AliasVault v0.25.3 Insecure Storage of Sensitive Information (Third Party Advisory, VDB Entry, third-party-advisory)
Submit #756059 | AliasVault v0.25.3 Insecure Storage of Sensitive Information (Duplicate) (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (issue-tracking, Issue Tracking)
cna@vuldb.com (issue-tracking, Issue Tracking)
cna@vuldb.com (issue-tracking, exploit, Issue Tracking)
cna@vuldb.com (Patch, patch)
cna@vuldb.com (Release Notes, patch)

Frequently asked questions

What is CVE-2026-2974?: CVE-2026-2974 is a low-severity vulnerability in Aliasvault, classified under Improper Authorization. CVSS score: 2.5/10. Published 2026-02-23.
How severe is CVE-2026-2974?: Low severity. CVSS v3 base score is 2.5 out of 10.