ByteOS Network

NVD Vulnerability Details :

CVE-2026-22694

Awaiting Analysis

Source-security-advisories@github.com

Published At-14 Jan, 2026 | 17:16

Updated At-16 Jan, 2026 | 15:55

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.1	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-346	Primary	security-advisories@github.com

CWE ID: CWE-346

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/aliasvault/aliasvault/commit/b3350473103d6138ab2b63ca130c211717eac67d	security-advisories@github.com	N/A
https://github.com/aliasvault/aliasvault/issues/1440	security-advisories@github.com	N/A
https://github.com/aliasvault/aliasvault/pull/1441	security-advisories@github.com	N/A
https://github.com/aliasvault/aliasvault/releases/tag/0.25.3	security-advisories@github.com	N/A
https://github.com/aliasvault/aliasvault/security/advisories/GHSA-mvg4-wvjv-332q	security-advisories@github.com	N/A