CVE-2026-8990: CWE-288 Authentication Bypass Using an Alternate Path or Channel in View Concept Kidsview
A user with physical access to a smartphone can bypass the authentication mechanism of the Kidsview mobile application and grant himself full access to the device owner's account by interacting with the application's push notification. This issue was fixed in version 4.4.3.
AI Analysis
Technical Summary
CVE-2026-8990 describes an authentication bypass vulnerability in the Kidsview mobile app version 4.0.1. A user with physical access to the smartphone can exploit the app's push notification handling to bypass authentication controls and gain full access to the account. This vulnerability is linked to improper authentication checks (CWE-288) and exposure of sensitive information (CWE-359). The issue was resolved by the vendor in version 4.4.3. The CVSS 4.0 vector indicates the attack requires physical access (AV:P), low attack complexity (AC:L), and no privileges or user interaction, with high impact on confidentiality and integrity. No cloud service implications are noted.
Potential Impact
Successful exploitation allows an attacker with physical access to the device to bypass authentication and fully access the victim's Kidsview account, potentially exposing private information and allowing unauthorized control. The impact affects confidentiality and integrity of the user's data within the app. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Users and administrators should upgrade the Kidsview mobile application to version 4.4.3 or later, where this vulnerability has been fixed. Since this is not a cloud service, remediation requires updating the client app on affected devices. No other mitigation or temporary workaround is indicated by the vendor or advisory.
CVSS v4.0
Score: 5.3 (Medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERT-PL
- Date Reserved: 2026-05-19T13:13:51.711Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a184ec2e29bf47b50f3f92d
Added to database: 5/28/2026, 2:18:42 PM
Last enriched: 5/28/2026, 2:34:45 PM
Last updated: 5/29/2026, 8:21:41 AM