CVE-2026-13514
Last modified
CVE-2026-13514 is a low-severity vulnerability rated 2.4/10 on the CVSS scale. A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. Upgrading the affected component is advised. The vendor was informed early about this issue. They confirmed the existence and that they will address it. Furthermore, they explain that their bug bounty "explicitly excludes physical-access attacks". However, they appreciate the quality of the report and aim at making a goodwill payment to the researcher.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| Chess | Play and Learn App | 4.9.0; 4.9.1; 4.9.2; 4.9.3; 4.9.4; 4.9.5; 4.9.6; 4.9.7; 4.9.8; 4.9.9; 4.9.10; 4.9.11; 4.9.12; 4.9.13; 4.9.14; 4.9.15; 4.9.16; 4.9.17; 4.9.18; 4.9.19; 4.9.20; 4.9.21; 4.9.22; 4.9.23; 4.9.24; 4.9.25; 4.9.26; 4.9.27; 4.9.28; 4.9.29; 4.9.30; 4.9.31; 4.9.32; 4.9.33; 4.9.34; 4.9.35; 4.9.36; 4.9.37; 4.9.38; 4.9.39; 4.9.40; 4.9.41; 4.9.42 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13514?
How severe is CVE-2026-13514?
How do I fix CVE-2026-13514?
Related CVEs from 2026
- CVE-2026-13508A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. T…5.5
- CVE-2026-13509A vulnerability has been found in RAGapp up to 0.1.5. Affect…6.3
- CVE-2026-13510A vulnerability was found in SimStudioAI sim up to 0.6.92. A…3.7
- CVE-2026-13511A vulnerability was determined in VoltAgent up to 2.1.17. Af…3.1
- CVE-2026-13512A vulnerability was identified in Databend up to 1.2.881 on …6.3
- CVE-2026-13513A security flaw has been discovered in MyScale MyScaleDB up …5
- CVE-2026-13515A security vulnerability has been detected in Tenda JD12L 16…8.8
- CVE-2026-13516A vulnerability was detected in Tenda JD12L 16.03.53.23. The…8.8
- CVE-2026-13517A flaw has been found in Tenda JD12L 16.03.53.23. The impact…8.8
- CVE-2026-13518A vulnerability has been found in Tenda JD12L 16.03.53.23. T…8.8
- CVE-2026-13519A vulnerability was found in Tenda JD12L 16.03.53.23. This i…8.8
- CVE-2026-1352IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for…6.5
Are you affected by CVE-2026-13514?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
