
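CWE-926 Vulnerability List (74)

A summary of the 74 CVEs in the CWE-926 weakness class, with AI-generated analysis in Chinese.

CWE-926 covers improper export of Android application components, a permission-configuration flaw. An attacker can use an unrestricted component to send malicious requests from another application or to steal sensitive data, leading to privacy leaks or service abuse. Developers should avoid implicit intents, explicitly specify component permissions, strictly validate the calling application, and keep the set of exported components to a minimum, so that only authorized, trusted applications have access and unauthorized access paths are closed.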

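MITRE CWE official description

CWE-926: Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

The attacks and consequences of improperly exporting a component may depend on the type of component that is exported:

- Activity: if access to an exported Activity is not restricted, any application will be able to launch it. This may allow a malicious application to gain access to sensitive information, modify the internal state of the application, or trick a user into interacting with the victim application while believing they are still interacting with the malicious application.
- Service: if access to an exported Service is not restricted, any application may start and bind to it. Depending on the exposed functionality, this may allow a malicious application to perform unauthorized actions, gain access to sensitive information, or corrupt the internal state of the application.
- Content Provider: if access to a Content Provider is not restricted to only the expected applications, malicious applications might be able to access the sensitive data.

Note that in Android versions before 4.2, a Content Provider is automatically exported unless it has been explicitly declared as NOT exported.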
Common consequences (3)

1. Scope: Availability, Integrity. Impact: Unexpected State; DoS: Crash, Exit, or Restart; DoS: Instability; Varies by Context.
   Other applications, possibly untrusted, can launch the Activity.
2. Scope: Availability, Integrity. Impact: Unexpected State; Gain Privileges or Assume Identity; DoS: Crash, Exit, or Restart; DoS: Instability; Varies by Context.
   Other applications, possibly untrusted, can bind to the Service.
3. Scope: Confidentiality, Integrity. Impact: Read Application Data; Modify Application Data.
   Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.
Mitigations (4)

1. Build and Compilation: If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.
2. Build and Compilation: If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.
3. Build and Compilation, Architecture and Design: Limit Content Provider permissions (read/write) as appropriate.
4. Build and Compilation, Architecture and Design: Limit Content Provider permissions (read/write) as appropriate.
Code examples (2)

This application is exporting an activity and a service in its manifest.xml:

    <activity android:name="com.example.vulnerableApp.mainScreen">
        ...
        <intent-filter>
            <action android:name="com.example.vulnerableApp.OPEN_UI" />
            <category android:name="android.intent.category.DEFAULT" />
        </intent-filter>
        ...
    </activity>
    <service android:name="com.example.vulnerableApp.backgroundService">
        ...
        <intent-filter>
            <action android:name="com.example.vulnerableApp.START_BACKGROUND" />
        </intent-filter>
        ...
    </service>

Bad · XML

This application has created a content provider to enable custom search suggestions within the application:

    <provider
        android:name="com.example.vulnerableApp.searchDB"
        android:authorities="com.example.vulnerableApp.searchDB">
    </provider>

Bad · XML
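A manifest check for the two bad patterns above, as an added example that is not part of the MITRE entry or of this page's own code. The names `audit_manifest`, `is_exported` and `legacy_provider_default`, and the `syncService` component with its `SYNC` permission, are hypothetical; the sample manifest is constructed from the two snippets above.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed sample: the page's two "Bad" snippets (elisions dropped) plus
# one hypothetical hardened service for contrast.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name="com.example.vulnerableApp.mainScreen">
      <intent-filter>
        <action android:name="com.example.vulnerableApp.OPEN_UI" />
        <category android:name="android.intent.category.DEFAULT" />
      </intent-filter>
    </activity>
    <service android:name="com.example.vulnerableApp.backgroundService">
      <intent-filter>
        <action android:name="com.example.vulnerableApp.START_BACKGROUND" />
      </intent-filter>
    </service>
    <provider android:name="com.example.vulnerableApp.searchDB"
              android:authorities="com.example.vulnerableApp.searchDB" />
    <service android:name="com.example.vulnerableApp.syncService"
             android:exported="true" android:permission="com.example.vulnerableApp.SYNC" />
  </application>
</manifest>"""

def is_exported(elem, legacy_provider_default):
    # An explicit android:exported always wins.
    explicit = elem.get(ANDROID + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if elem.tag == "provider":
        # Assumption: True models Android before 4.2, where providers export by default.
        return legacy_provider_default
    # Implicit default when the attribute is absent: an intent-filter exports it.
    return elem.find("intent-filter") is not None

def audit_manifest(xml_text, legacy_provider_default=False):
    """Return (tag, name) for every exported component with no permission guard."""
    findings = []
    app = ET.fromstring(xml_text).find("application")
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENTS or not is_exported(elem, legacy_provider_default):
            continue
        guards = ["permission"] + (["readPermission", "writePermission"] if elem.tag == "provider" else [])
        if not any(elem.get(ANDROID + g) for g in guards):
            findings.append((elem.tag, elem.get(ANDROID + "name")))
    return findings
```

A permission attribute counts as a guard here by its presence only; whether that permission is declared with android:protectionLevel="signature" needs a separate check against the permission definitions.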
CVE ID | Title | CVSS | Risk level | Published
CVE-2026-44279 | Fortinet FortiTokenAndroid security vulnerability — FortiTokenAndroid | 5.0 | Medium | 2026-05-12
CVE-2026-3291 | HP Samsung Print Service Plugin security vulnerability — Samsung Print Service Plugin | 4.6 (AI) | Medium (AI) | 2026-05-06
CVE-2025-15464 | yintibao Fun Print Mobile security vulnerability — Fun Print Mobile | 6.5 | - | 2026-01-08
CVE-2025-14517 | uCrop security vulnerability — uCrop | 5.3 | Medium | 2025-12-11
CVE-2025-10722 | SKTLab Mukbee App security vulnerability — Mukbee App | 5.3 | Medium | 2025-09-19
CVE-2025-10721 | Webull Investing & Trading App security vulnerability — Investing & Trading App | 5.3 | Medium | 2025-09-19
CVE-2025-10718 | Ooma Office Business Phone App security vulnerability — Office Business Phone App | 5.3 | Medium | 2025-09-19
CVE-2025-10717 | INTSIG CamScanner App security vulnerability — CamScanner App | 5.3 | Medium | 2025-09-19
CVE-2025-10716 | Creality Cloud App security vulnerability — Cloud App | 5.3 | Medium | 2025-09-19
CVE-2025-10715 | APEUni PTE Exam Practice App security vulnerability — PTE Exam Practice App | 5.3 | Medium | 2025-09-19
CVE-2025-10195 | Seismic App security vulnerability — Seismic App | 5.3 | Medium | 2025-09-10
CVE-2025-5500 | ZhenShi Mibro Fit App security vulnerability — Mibro Fit App | 5.3 | Medium | 2025-09-09
CVE-2025-9695 | GalleryVault Gallery Vault App security vulnerability — Gallery Vault App | 5.3 | Medium | 2025-08-30
CVE-2025-9677 | Modo Legend of the Phoenix security vulnerability — Legend of the Phoenix | 5.3 | Medium | 2025-08-29
CVE-2025-9676 | NCSOFT Universe App security vulnerability — Universe App | 5.3 | Medium | 2025-08-29
CVE-2025-9675 | Baviux Voice Changer App security vulnerability — Voice Changer App | 5.3 | Medium | 2025-08-29
CVE-2025-9674 | Transbyte Scooper News App security vulnerability — Scooper News App | 5.3 | Medium | 2025-08-29
CVE-2025-9673 | Kakao Hey Kakao App security vulnerability — 헤이카카오 Hey Kakao App | 5.3 | Medium | 2025-08-29
CVE-2025-9672 | Rejseplanen App security vulnerability — Rejseplanen App | 5.3 | Medium | 2025-08-29
CVE-2025-9671 | UAB Paytend App security vulnerability — Paytend App | 5.3 | Medium | 2025-08-29
CVE-2025-9135 | Verkehrsauskunft Österreich multiple products security vulnerability — SmartRide | 5.3 | Medium | 2025-08-19
CVE-2025-9134 | AfterShip Package Tracker App security vulnerability — Package Tracker App | 5.3 | Medium | 2025-08-19
CVE-2025-9102 | 1&1 Mail & Media mail.com App security vulnerability — mail.com App | 5.3 | Medium | 2025-08-18
CVE-2025-9098 | Elseplus File Recovery App security vulnerability — File Recovery App | 5.3 | Medium | 2025-08-18
CVE-2025-9097 | Euro Information CIC banque et compte en ligne App security vulnerability — CIC banque et compte en ligne App | 5.3 | Medium | 2025-08-18
CVE-2025-9093 | BuzzFeed App security vulnerability — BuzzFeed App | 5.3 | Medium | 2025-08-17
CVE-2025-8745 | Weee RICEPO App security vulnerability — RICEPO App | 5.3 | Medium | 2025-08-09
CVE-2025-8707 | Huuge Box App security vulnerability — Box App | 5.3 | Medium | 2025-08-08
CVE-2025-8524 | DotWallet App security vulnerability — DotWallet App | 5.3 | Medium | 2025-08-04
CVE-2025-8523 | RiderLike Fruit Crush-Brain App security vulnerability — Fruit Crush-Brain App | 5.3 | Medium | 2025-08-04

CWE-926 is a common weakness class; this platform lists 74 CVEs associated with it.