Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
1.9
Freedom Factory dGEN1 Token Balance Data Exposure
CVE-2026-3671
Summary
A flaw in Freedom Factory dGEN1's TokenBalanceContentProvider function allows an attacker with local access to view unauthorized data. This issue affects users who rely on dGEN1 for sensitive information. Update to the latest version (20260221 or later) to prevent potential unauthorized access.
Original title
A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123...
Original description
A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
1.7
nvd CVSS3.1
3.3
nvd CVSS4.0
1.9
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-285
Improper Authorization
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026