Authentication Bypass in Kidsview_CVE-2026-8990

5.3 / 10

MEDIUM

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification.

This issue was fixed in version 4.4.3

Basic Information

ID CVE-2026-8990

Source CERT-PL

Published May 28, 2026 at 13:27

Affected Product

Vendor View Concept

Product Kidsview

Version 4.0.1

Affected Versions View Concept Kidsview 4.0.1

CWE Classification

CWE-288 CWE-359

References

{
    "lastseen": "",
    "description": "A user with physical access to a smartphone can bypass\u00a0authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification.\n\nThis issue was fixed in version 4.4.3",
    "published": "2026-05-28T13:27:00.417Z",
    "modified": "2026-05-28T13:27:00.417Z",
    "type": "cve",
    "title": "Authentication Bypass in Kidsview",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/05/CVE-2026-8990\nhttps://kidsview.pl/",
    "id": "CVE-2026-8990",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288",
        "CWE-359"
    ],
    "cvelist": null,
    "sourceData": "View Concept Kidsview 4.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Kidsview",
    "version": "4.0.1",
    "vendor": "View Concept",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}