Vulnérabilité de vérification incorrecte dans l'application de messagerie. Impact : L'exploitation réussie de cette vulnérabilité peut affecter la confidentialité du service.

The improper verification flaw allows an attacker to potentially access sensitive email content. This could include personal communications, financial details, or other confidential information stored within the application. While the specific attack vector isn't detailed, the impact centers on unauthorized access to data. The confidentiality of email services is at risk, potentially leading to identity theft, financial fraud, or exposure of sensitive business information. The blast radius extends to any user utilizing the vulnerable version of the Email Application.

Users of Android devices running the Email Application, particularly those with older devices or those who haven't enabled automatic updates, are at risk. Individuals who frequently handle sensitive information via email are especially vulnerable.

1. 2026-03-05Disclosure

   disclosure

1. Réservé2026-02-28
2. Publiée2026-03-05
3. EPSS mis à jour2026-03-23

The primary mitigation for CVE-2026-28548 is to upgrade to a patched version of the Android Email Application. Since a specific fixed version isn't provided, users should monitor for updates released by Google. As a temporary workaround, users could consider disabling automatic email syncing or limiting the amount of sensitive information stored within the application until a patch is available. Regularly review app permissions to ensure only necessary access is granted.