CVE-2024-26131

8.4 HIGH

📋 TL;DR

Element Android versions 1.4.3 through 1.6.10 are vulnerable to intent redirection, allowing malicious apps to launch internal activities with arbitrary parameters. This could enable attackers to display malicious web pages, bypass PIN protection, or steal login credentials via spoofed login screens. All Android users running vulnerable Element versions are affected.

💻 Affected Systems

Products:
  • Element Android
Versions: 1.4.3 through 1.6.10
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations within the affected version range are vulnerable; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover by intercepting login credentials sent to attacker-controlled servers, combined with PIN bypass and arbitrary JavaScript execution.

🟠 Likely Case

Malicious apps tricking users into entering credentials on spoofed login screens or displaying phishing pages within the app.

🟢 If Mitigated

Limited impact if users only install apps from trusted sources and maintain updated devices, though risk remains from sideloaded malicious apps.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a malicious Android app installed on the same device; no authentication needed within Element.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.12

Vendor Advisory: https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for 'Element'
3. Tap 'Update' if available
4. Alternatively, download directly from element.io
5. Restart the app after update

🧯 If You Can't Patch

  • Uninstall Element Android and use web or desktop versions temporarily
  • Disable app installation from unknown sources in Android settings

🔍 How to Verify

Check if Vulnerable:

Open Element Android app → Settings → About → Check if version is between 1.4.3 and 1.6.10 inclusive

Check Version:

Not applicable for Android apps; check via app settings

Verify Fix Applied:

Confirm app version is 1.6.12 or higher in Settings → About

📡 Detection & Monitoring

Log Indicators:

  • Unusual activity launches from external intents
  • Unexpected web page loads within the app

Network Indicators:

  • Connections to non-standard Matrix servers during login
  • Unexpected JavaScript execution from external sources

SIEM Query:

Not typically applicable for mobile app vulnerabilities
