CVE-2024-26131

CVSS v3 Score: 7.8 (High)

Vulnerability Description

Element Android is an Android Matrix client. Element Android versions 1.4.3 through 1.6.10 are vulnerable to intent redirection, which allows a malicious third-party application to start any internal activity by passing some extra parameters. Possible impacts include making Element Android display an arbitrary web page and execute arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

CVSS:8.0(High)

Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading u...

CVSS:7.6(High)

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CVSS:7.5(High)

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service...

CVSS:7.5(High)

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through ...

CVSS:7.5(High)

Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affect...

CVSS:8.2(High)

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthentic...