← Back to CVE List

CVE-2024-26131

Published: 2024-02-29T01:44Z
Last Modified: 2025-02-14T17:25Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt