CVE-2026-26214

🗓️ 12 Feb 2026 15:01:15Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 11 Views

The TLS hostname verification is disabled in Galaxy FDS Android SDK up to version 3.0.8, enabling a man in middle on HTTPS by default.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-26214	12 Feb 202615:01	–	attackerkb
CNNVD	galaxy-fds-sdk-android 安全漏洞	12 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM	12 Feb 202615:01	–	cvelist
NVD	CVE-2026-26214	12 Feb 202616:16	–	nvd
Positive Technologies	PT-2026-7854	12 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-26214	13 Feb 202619:18	–	redhatcve
Snyk	Improper Validation of Certificate with Host Mismatch	12 Feb 202615:56	–	snyk
Vulnrichment	CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM	12 Feb 202615:01	–	vulnrichment

Vulners

Node

xiaomi_technology galaxy_fds_android_sdkRange0–3.0.8

[
  {
    "defaultStatus": "unknown",
    "packageName": "galaxy-fds-sdk-android",
    "platforms": [
      "Android"
    ],
    "product": "Galaxy FDS Android SDK",
    "repo": "https://github.com/XiaoMi/galaxy-fds-sdk-android",
    "vendor": "Xiaomi Technology Co., Ltd.",
    "versions": [
      {
        "lessThanOrEqual": "3.0.8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/XiaoMi/galaxy-fds-sdk-android
github	www.github.com/XavLimSG/Vulnerability-Research/blob/main/CVE-2026-26214/CVE-2026-26214.md
vulncheck	www.vulncheck.com/advisories/xiaomi-galaxy-fds-android-sdk-tls-hostname-verification-disabled-enables-mitm

17 Jun 2026 10:25Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.17.4

CVSS 49.1

EPSS0.00184

SSVC

CWE-297