CWE-926 (Improper Export of Android Application Components) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
Extended context from the CWE catalog (rendered from MITRE XHTML).
There are three types of components that can be exported in an Android application.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Mobile | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-44279 | 2026-05-12 | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attac… |
| CVE-2026-3291 | 2026-05-06 | Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate t… |
| CVE-2025-15464 | 2026-01-08 | Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. |
| CVE-2025-14517 | 2025-12-11 | A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android applica… |
| CVE-2025-10722 | 2025-09-19 | A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results… |
| CVE-2025-10721 | 2025-09-19 | A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export… |
| CVE-2025-10718 | 2025-09-19 | A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of andro… |
| CVE-2025-10717 | 2025-09-19 | A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.cam… |
| CVE-2025-10716 | 2025-09-19 | A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Exec… |
| CVE-2025-10715 | 2025-09-19 | A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.ape_edicat… |
| CVE-2025-10195 | 2025-09-10 | A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to impro… |
| CVE-2025-5500 | 2025-09-09 | A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulat… |
| CVE-2025-32347 | 2025-09-04 | In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no addi… |
| CVE-2025-9695 | 2025-08-30 | A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.think… |
| CVE-2025-9677 | 2025-08-29 | A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. … |
| CVE-2025-9676 | 2025-08-29 | A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to im… |
| CVE-2025-9675 | 2025-08-29 | A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manip… |
| CVE-2025-9674 | 2025-08-29 | A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. Thi… |
| CVE-2025-9673 | 2025-08-29 | A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao… |
| CVE-2025-9672 | 2025-08-29 | A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulati… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2014-01-22 | CWE Content Team | 2.6 | Critical | Expanded entry to be more general and include all types of Android components that may be improperly exported. |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Potential_Mitigations, References |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated References |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Applicable_Platforms, Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Background_Details |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |