CVE-2026-4250

A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. The attack requires a local approach. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 2.5 LOW
CVSS v2.0 1.0 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.0^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:S/C:P/I:N/A:N

Exploitability : 1.5 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://vuldb.com/?ctiid.351208
https://vuldb.com/?id.351208
https://vuldb.com/?submit.771435
https://www.notion.so/Google-Cloud-Service-Account-Key-Exposure-Leading-to-Unauthorized-Data-Access-in-albert-health-3192de3f97fb800d8ebddef9f259223b?source=copy_link

Configurations

No configuration.

History

22 Apr 2026, 21:32

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue encontrada en Albert Sa?l?k Hizmetleri ve Ticaret Albert Health hasta la versión 1.7.3 en Android. Afectada es una función desconocida del archivo resources/assets/service-account.json del componente Google Cloud Service Account Key Gestor. Realizar una manipulación resulta en almacenamiento no protegido de credenciales. El ataque requiere un enfoque local. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es difícil. El exploit ha sido hecho público y podría ser utilizado. El proveedor fue contactado tempranamente sobre esta divulgación pero no respondió de ninguna manera.

16 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 16:16

Updated : 2026-04-29 01:00

NVD link : CVE-2026-4250

Mitre link : CVE-2026-4250

CVE.ORG link : CVE-2026-4250

JSON object : View

Products Affected

No product.

CWE

CWE-255

Credentials Management Errors

CWE-256

Plaintext Storage of a Password

2.5 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.0 /10

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2026-4250

2.5^/10

1.0^/10

Attach tags to `CVE-2026-4250`