Description
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. Exploitation is reported to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-16
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

A vulnerability exists in the myAEDES App, specifically within the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. By manipulating the argument AUTH_KEY, an attacker can read sensitive data that should not be exposed. This results in information disclosure, that is, an impact on data confidentiality. The weakness corresponds to CWE-200 (Information Exposure) and CWE-284 (Improper Access Control). The exploit is categorized as high complexity and difficult to execute, and the attack surface is limited to local system access only.

Affected Systems

The affected product is myAEDES App with all releases up to version 1.18.4 on Android devices. No specific vendor sub‑versions are listed; the vulnerability is reported in the generic "myAEDES App" product family.

Risk and Exploitability

The CVSS score is 2, indicating low overall severity, and the EPSS score is below 1%, suggesting a very low probability of exploitation in the wild. The vulnerability is not in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires local access, involves high attack complexity, and needs existing privileges on the device (PR:L in the CVSS 3.x and 4.0 vectors), so an attacker is unlikely to leverage it remotely or without prior local compromise of the host.

Generated by OpenCVE AI on March 17, 2026 at 11:43 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the myAEDES App to a version newer than 1.18.4 when a vendor patch is released
  • Apply any vendor‑issued security fix immediately upon availability
  • Restrict local access to the aedes.me.beta component by enabling only authenticated users or by applying local network segmentation
  • Monitor official advisories and response from the vendor for further updates

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Myaedes; Myaedes myaedes App |
| Vendors & Products | | Myaedes; Myaedes myaedes App |

Mon, 16 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 16 Mar 2026 06:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | myAEDES App aedes.me.beta EngageBayUtils.java information disclosure |
| Weaknesses | | CWE-200; CWE-284 |
| References | | |
| Metrics | | cvssV2_0 {'score': 1, 'vector': 'AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0 {'score': 2.5, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'} |
| | | cvssV3_1 {'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'} |
| | | cvssV4_0 {'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T15:28:24.287Z

Reserved: 2026-03-15T15:18:12.388Z

Link: CVE-2026-4218

Vulnrichment

Updated: 2026-03-16T15:28:20.149Z

NVD

Status: Awaiting Analysis

Published: 2026-03-16T14:20:09.263

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-4218

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:45:47Z

Weaknesses