CVE-2026-4250
Unprotected Credential Storage in Albert Health Google Cloud Handler
Publication date: 2026-03-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| albert_saglik_hizmetleri_ve_ticaret | albert_health | to 1.7.3 (inc) |
| cloud_service_account_key_handler | * | |
| albert_saglik_hizmetleri_ve_ticaret | albert_health | 1.7.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
| CWE-255 |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4250 is a vulnerability in the Albert Sağlık Hizmetleri ve Ticaret Albert Health Android application up to version 1.7.3. It involves improper handling and unprotected storage of Google Cloud service account credentials within the file resources/assets/service-account.json. This means sensitive credentials are stored in plaintext inside the app package, making them accessible to an attacker with local access to the device.
The vulnerability is related to CWE-256, which concerns storing passwords or sensitive information in an unprotected manner. Exploiting this flaw requires local access and is considered difficult, but a proof-of-concept exploit is publicly available. Attackers can also use Google hacking techniques to find vulnerable targets.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to extract the Google Cloud service account key from the application. With these credentials, the attacker can authenticate to Google Cloud Platform with the same privileges as the compromised service account.
- Unauthorized access to cloud resources.
- Ability to list projects within the Google Cloud environment.
- Access, read, and download files from Cloud Storage buckets.
- Upload new files or manipulate cloud storage content.
Overall, this can lead to data breaches, unauthorized data manipulation, and compromise of cloud infrastructure security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of the file named service-account.json within the application package, specifically under resources/assets/. Since the vulnerability involves unprotected storage of Google Cloud service account credentials, inspecting the application files for this JSON key file is essential.'}, {'type': 'paragraph', 'content': 'Additionally, attackers may use Google hacking techniques such as searching for the URL pattern inurl:resources/assets/service-account.json to identify vulnerable targets.'}, {'type': 'paragraph', 'content': 'On a local device or system, you can use commands to search for the file or its contents. For example, on a Unix-like system, you might use:'}, {'type': 'list_item', 'content': 'find / -name service-account.json 2>/dev/null'}, {'type': 'list_item', 'content': "grep -r 'private_key' /path/to/application/resources/assets/"}, {'type': 'paragraph', 'content': 'These commands help locate the sensitive JSON file and check if it contains private key information, indicating the vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing the embedded Google Cloud service account key file (service-account.json) from the application assets to prevent local extraction.
Since no official mitigations or countermeasures have been provided by the vendor, it is recommended to replace the affected component with an alternative solution that does not store sensitive credentials in the application package.
Additionally, consider rotating or revoking the compromised service account keys to prevent unauthorized access to cloud resources.