CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-13514

lowCVSS 2.4covered by 1 sourcefirst seen 2026-06-29
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. Upgrading the affected component is advised. The vendor was informed early about this issue. They confirmed the existence and that they will address it. Furthermore, they explain that their bug bounty "explicitly excludes physical-access attacks". However, they appreciate the quality of the report and aim at making a goodwill payment to the researcher.

⚡ Watch CVE-2026-13514

Get an email if CVE-2026-13514 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-13514

CVE.org record

Embed the live status

CVE-2026-13514 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-13514 status](https://www.csirts.com/badge/CVE-2026-13514)](https://www.csirts.com/cve/CVE-2026-13514)