CVE-2026-5456

216.73.216.226

· Published 03/04/2026 07:16 · Modified 03/04/2026 16:10

Labels: CVE-2026-5456 2026-04-03 CVE-2026-5456 CWE-320 [email protected]

Essential information

Published: 03/04/2026 07:16
Modified: 03/04/2026 16:10
Author: —
Creator: —
CVSS: 1.9 LOW (v3) 1.9 LOW (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESS_TOKEN leads to use of hard-coded cryptographic key . The attack must be carried out locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
align technology / my invisalign app	`cpe:2.3:a:align_technology:my_invisalign_app:3.12.4:::::::*`