Description
Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in information disclosure or data tampering.
Published: 2026-05-13
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The application contains a Cleartext Transmission of Sensitive Information flaw, allowing a network adversary to intercept and alter data sent in plain text. This weakness may expose confidential user data or corrupt transactions, compromising confidentiality and integrity of the communication. The underlying vulnerability maps to CWE‑319, which highlights insufficient cryptographic protection during data transmission.

Affected Systems

The affected product is the Android application “あんしんフィルター for au” distributed by KDDI CORPORATION. No version range is specified, so any current installation of the app is potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate severity. The EPSS score is not available, so the current likelihood of exploitation is unclear; however, the vulnerability allows a widely feasible man‑in‑the‑middle attack over unencrypted channels. It is not listed in CISA’s KEV catalog, indicating no confirmed public exploitation yet. Existence of the flaw means that attackers who can position themselves in the user’s network path can read or modify traffic without additional privileges.

Generated by OpenCVE AI on May 14, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the app to the latest vendor‑released version that fixes the cleartext transmission issue.
  • If no update is available, uninstall the app to eliminate the risk.
  • Configure the device’s Network Security Configuration or VPN to prevent cleartext traffic for this app, ensuring all data is exchanged over TLS.

Generated by OpenCVE AI on May 14, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://jvn.jp/en/jp/JVN24167657/ cve-icon cve-icon
History

Thu, 14 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Kddi Corporation
Kddi Corporation あんしんフィルター For Au
Vendors & Products Kddi Corporation
Kddi Corporation あんしんフィルター For Au

Thu, 14 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 May 2026 01:30:00 +0000

Type Values Removed Values Added
Title Cleartext Transmission Vulnerability in KDDI ‘あんしんフィルター for au’ App

Wed, 13 May 2026 23:45:00 +0000

Type Values Removed Values Added
Description Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in information disclosure or data tampering.
Weaknesses CWE-319
References
Metrics cvssV3_0

{'score': 4.8, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Kddi Corporation あんしんフィルター For Au
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-05-14T13:54:45.871Z

Reserved: 2026-04-20T04:42:05.522Z

Link: CVE-2026-41281

cve-icon Vulnrichment

Updated: 2026-05-14T13:54:42.668Z

cve-icon NVD

Status : Deferred

Published: 2026-05-14T00:16:35.237

Modified: 2026-05-14T16:49:18.583

Link: CVE-2026-41281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:33:03Z

Weaknesses