CVE-2026-4250

LOW

Albert Sağlık Hizmetleri ve Ticaret Albert Health Google Cloud Service Account Key service-account.json credentials storage

Title source: cna

Description

A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. The attack requires a local approach. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Vdb Entry vdb-entry

VDB-351208 | Albert Sağlık Hizmetleri ve Ticaret Albert Health Google Cloud Service Account Key service-account.json credentials storage

https://vuldb.com/?id.351208

Signature, Permissions Required signature permissions-required

VDB-351208 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.351208

Third Party Advisory third-party-advisory

Submit #771435 | albertHealth Albert Health(albert.health) 1.7.3 Google Cloud Service Account Key Exposure

https://vuldb.com/?submit.771435

Exploit exploit

https://www.notion.so/Google-Cloud-Service-Account-Key-Exposure-Leading-to-Unauthorized-Data-Access-in-albert-health-3192de3f97fb800d8ebddef9f259223b?source=copy_link

Scores

CVSS v3 2.5

EPSS 0.0010

EPSS Percentile 1.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-255 CWE-256

Status published

Products (4)

Albert Sağlık Hizmetleri ve Ticaret/Albert Health 1.7.0

Albert Sağlık Hizmetleri ve Ticaret/Albert Health 1.7.1

Albert Sağlık Hizmetleri ve Ticaret/Albert Health 1.7.2

Albert Sağlık Hizmetleri ve Ticaret/Albert Health 1.7.3

Published Mar 16, 2026

Tracked Since Mar 16, 2026