CVE-2026-4250
Received Received - Intake
Unprotected Credential Storage in Albert Health Google Cloud Handler

Publication date: 2026-03-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. The attack requires a local approach. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4250
EUVD
EUVD-2026-12453
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
albert_saglik_hizmetleri_ve_ticaret albert_health to 1.7.3 (inc)
google cloud_service_account_key_handler *
albert_saglik_hizmetleri_ve_ticaret albert_health 1.7.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-255
CWE-256 The product stores a password in plaintext within resources such as memory or files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4250 is a vulnerability in the Albert Sağlık Hizmetleri ve Ticaret Albert Health Android application up to version 1.7.3. It involves improper handling and unprotected storage of Google Cloud service account credentials within the file resources/assets/service-account.json. This means sensitive credentials are stored in plaintext inside the app package, making them accessible to an attacker with local access to the device.

The vulnerability is related to CWE-256, which concerns storing passwords or sensitive information in an unprotected manner. Exploiting this flaw requires local access and is considered difficult, but a proof-of-concept exploit is publicly available. Attackers can also use Google hacking techniques to find vulnerable targets.

Impact Analysis

If exploited, this vulnerability allows an attacker to extract the Google Cloud service account key from the application. With these credentials, the attacker can authenticate to Google Cloud Platform with the same privileges as the compromised service account.

  • Unauthorized access to cloud resources.
  • Ability to list projects within the Google Cloud environment.
  • Access, read, and download files from Cloud Storage buckets.
  • Upload new files or manipulate cloud storage content.

Overall, this can lead to data breaches, unauthorized data manipulation, and compromise of cloud infrastructure security.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of the file named service-account.json within the application package, specifically under resources/assets/. Since the vulnerability involves unprotected storage of Google Cloud service account credentials, inspecting the application files for this JSON key file is essential.'}, {'type': 'paragraph', 'content': 'Additionally, attackers may use Google hacking techniques such as searching for the URL pattern inurl:resources/assets/service-account.json to identify vulnerable targets.'}, {'type': 'paragraph', 'content': 'On a local device or system, you can use commands to search for the file or its contents. For example, on a Unix-like system, you might use:'}, {'type': 'list_item', 'content': 'find / -name service-account.json 2>/dev/null'}, {'type': 'list_item', 'content': "grep -r 'private_key' /path/to/application/resources/assets/"}, {'type': 'paragraph', 'content': 'These commands help locate the sensitive JSON file and check if it contains private key information, indicating the vulnerability.'}] [1]

Mitigation Strategies

Immediate mitigation steps include removing the embedded Google Cloud service account key file (service-account.json) from the application assets to prevent local extraction.

Since no official mitigations or countermeasures have been provided by the vendor, it is recommended to replace the affected component with an alternative solution that does not store sensitive credentials in the application package.

Additionally, consider rotating or revoking the compromised service account keys to prevent unauthorized access to cloud resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4250. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart