Home > Vulnerability Database > CVE-2026-22694

Mend.io Vulnerability Database

CVE-2026-22694

Good to know:

Date: January 14, 2026

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3.

Severity Score

6.1

Related Resources (7)

Url: https://github.com/aliasvault/aliasvault/issues/1440

Url: https://github.com/aliasvault/aliasvault/releases/tag/0.25.3

Url: https://github.com/aliasvault/aliasvault/pull/1441

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22694

Url: https://github.com/aliasvault/aliasvault/commit/b3350473103d6138ab2b63ca130c211717eac67d

Url: https://github.com/aliasvault/aliasvault/security/advisories/GHSA-mvg4-wvjv-332q

Url: https://www.mend.io/vulnerability-database/CVE-2026-22694

Severity Score

6.1

Weakness Type (CWE)

Origin Validation Error

CWE-346

Top Fix

Upgrade Version

Upgrade to version https://github.com/aliasvault/aliasvault.git - 0.25.3

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22694

Good to know:

Date: January 14, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?