HIGH🇵🇱 Wersja polska

CVE-2024-26131

CVSS 8.4v3.1pub. 2024-02-29upd. 2025-02-14

Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Element

    APP
    Element
    1.4.3 – 1.6.12 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27606MEDIUM5.1ten sam produkt

Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, und...

CVE-2024-26132MEDIUM4.0ten sam produkt

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone c...

CVE-2022-41904MEDIUM6.4ten sam produkt

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, eve...

CVE-2022-23597HIGH8.3ten sam vendor

Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before ...

CVE-2026-45076MEDIUM5.1ten sam vendor

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious ho...