CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full acc...

Published: 2026-05-28 · Last updated: 2026-05-28

Severity and scoring

CWE: CWE-288, CWE-359

Description

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8990
[Other]https://cert.pl/posts/2026/05/CVE-2026-8990
[Other]https://kidsview.pl/

Related CVEs

Same CWE

CVE-2026-26237 — A missing authorization vulnerability has been reported to affect QuMagie
CVE-2026-10523 — An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauth... (9.9 CRITICAL)
CVE-2026-25699 — Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
CVE-2026-5415 — The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnera... (8.8 HIGH)
CVE-2020-25900 — HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city (5.3 MEDIUM)