CVE-2026-4250: Unprotected Storage of Credentials in Albert Sağlık Hizmetleri ve Ticaret Albert Health
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. The attack requires a local approach. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-4250 is a security vulnerability identified in the Albert Sağlık Hizmetleri ve Ticaret Albert Health Android application, specifically affecting versions 1.7.0 through 1.7.3. The vulnerability arises from improper protection of credentials stored in the file resources/assets/service-account.json, which is used by the Google Cloud Service Account Key Handler component within the app. This file contains sensitive service account credentials that, if accessed by an attacker, could allow unauthorized access to Google Cloud resources associated with the app. The attack vector requires local access to the device, and the complexity of exploitation is considered high, making it difficult to exploit. The vulnerability does not require user interaction and involves limited privileges, but the credentials are stored with insufficient protection, increasing the risk of credential leakage. The vendor was notified early but has not responded or issued patches. The CVSS 4.0 base score is 2.0, indicating low severity, primarily due to the local attack vector, high complexity, and limited scope of impact. No known exploits have been observed in the wild. This vulnerability highlights the importance of secure credential storage practices, especially for mobile applications handling sensitive cloud service keys.
Potential Impact
The primary impact of CVE-2026-4250 is the potential exposure of Google Cloud service account credentials stored insecurely on the local device. If an attacker gains local access to the device, they could extract these credentials and potentially use them to access or manipulate cloud resources tied to the Albert Health app. This could lead to unauthorized data access, modification, or disruption of cloud services. However, the requirement for local access and the high complexity of exploitation limit the likelihood of widespread attacks. The confidentiality of cloud resources is at risk, but integrity and availability impacts are limited unless the attacker leverages the credentials for further malicious activities. Organizations using the affected app in healthcare environments could face data breaches or service disruptions if the vulnerability is exploited. The lack of vendor response and patches increases the risk for users who cannot update or remediate the issue promptly.
Mitigation Recommendations
To mitigate the risk posed by CVE-2026-4250, organizations should implement the following specific measures: 1) Restrict physical and local access to devices running the Albert Health app to trusted personnel only, using strong device-level authentication and encryption. 2) Monitor devices for unauthorized access attempts or suspicious activity that could indicate attempts to extract credentials. 3) If possible, remove or restrict the use of the affected app versions and replace them with updated versions once available or alternative secure applications. 4) Employ mobile device management (MDM) solutions to enforce security policies, including app permissions and secure storage practices. 5) Review and rotate Google Cloud service account keys associated with the app to limit the impact of any credential exposure. 6) Implement network-level controls and monitoring to detect anomalous access patterns to Google Cloud resources. 7) Educate users about the risks of local device compromise and encourage prompt reporting of lost or stolen devices. These steps go beyond generic advice by focusing on controlling local access, credential rotation, and monitoring specific to the affected environment.
Affected Countries
Turkey, United States, Germany, United Kingdom, France, Canada, Australia
CVE-2026-4250: Unprotected Storage of Credentials in Albert Sağlık Hizmetleri ve Ticaret Albert Health
Description
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. The attack requires a local approach. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Technical Analysis
CVE-2026-4250 is a security vulnerability identified in the Albert Sağlık Hizmetleri ve Ticaret Albert Health Android application, specifically affecting versions 1.7.0 through 1.7.3. The vulnerability arises from improper protection of credentials stored in the file resources/assets/service-account.json, which is used by the Google Cloud Service Account Key Handler component within the app. This file contains sensitive service account credentials that, if accessed by an attacker, could allow unauthorized access to Google Cloud resources associated with the app. The attack vector requires local access to the device, and the complexity of exploitation is considered high, making it difficult to exploit. The vulnerability does not require user interaction and involves limited privileges, but the credentials are stored with insufficient protection, increasing the risk of credential leakage. The vendor was notified early but has not responded or issued patches. The CVSS 4.0 base score is 2.0, indicating low severity, primarily due to the local attack vector, high complexity, and limited scope of impact. No known exploits have been observed in the wild. This vulnerability highlights the importance of secure credential storage practices, especially for mobile applications handling sensitive cloud service keys.
Potential Impact
The primary impact of CVE-2026-4250 is the potential exposure of Google Cloud service account credentials stored insecurely on the local device. If an attacker gains local access to the device, they could extract these credentials and potentially use them to access or manipulate cloud resources tied to the Albert Health app. This could lead to unauthorized data access, modification, or disruption of cloud services. However, the requirement for local access and the high complexity of exploitation limit the likelihood of widespread attacks. The confidentiality of cloud resources is at risk, but integrity and availability impacts are limited unless the attacker leverages the credentials for further malicious activities. Organizations using the affected app in healthcare environments could face data breaches or service disruptions if the vulnerability is exploited. The lack of vendor response and patches increases the risk for users who cannot update or remediate the issue promptly.
Mitigation Recommendations
To mitigate the risk posed by CVE-2026-4250, organizations should implement the following specific measures: 1) Restrict physical and local access to devices running the Albert Health app to trusted personnel only, using strong device-level authentication and encryption. 2) Monitor devices for unauthorized access attempts or suspicious activity that could indicate attempts to extract credentials. 3) If possible, remove or restrict the use of the affected app versions and replace them with updated versions once available or alternative secure applications. 4) Employ mobile device management (MDM) solutions to enforce security policies, including app permissions and secure storage practices. 5) Review and rotate Google Cloud service account keys associated with the app to limit the impact of any credential exposure. 6) Implement network-level controls and monitoring to detect anomalous access patterns to Google Cloud resources. 7) Educate users about the risks of local device compromise and encourage prompt reporting of lost or stolen devices. These steps go beyond generic advice by focusing on controlling local access, credential rotation, and monitoring specific to the affected environment.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-16T06:06:30.949Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69b84a02771bdb1749186969
Added to database: 3/16/2026, 6:20:50 PM
Last enriched: 3/16/2026, 6:23:12 PM
Last updated: 3/17/2026, 4:46:10 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.