Home

Description

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.

PUBLISHED Reserved 2026-01-05 | Published 2026-01-08 | Updated 2026-01-08 | Assigner KoreLogic

Problem types

CWE-926 Improper Export of Android Application Components

Product status

Default status
affected

6.05.15 (semver)
affected

Credits

Felix Segoviano of KoreLogic, Inc. finder

References

korelogic.com/...urces/Advisories/KL-001-2026-001.poc.js.txt exploit

seclists.org/fulldisclosure/2026/Jan/12

korelogic.com/Resources/Advisories/KL-001-2026-001.txt third-party-advisory

cve.org (CVE-2025-15464)

nvd.nist.gov (CVE-2025-15464)

Download JSON