CVE-2026-8990

Authentication Bypass in Kidsview

CVSS 5.3 MEDIUMEPSS 0.2%CWE-288 CWE-359

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 mai 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Produtos afetados

View Concept · Kidsview

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert.pl/posts/2026/05/CVE-2026-8990 https://kidsview.pl/