4 matches found
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
@waigenie/mobile-mcp (=0.0.16) potentially affected by CVE-2026-35394 via @mobilenext/mobile-mcp (=0.0.12)
@mobilenext/mobile-mcp NPM version =0.0.12 is affected by a known vulnerability. The following packages have a transitive dependency on @mobilenext/mobile-mcp and may be impacted: - @waigenie/mobile-mcp =0.0.16 Source cves: CVE-2026-35394 Source advisory: SNYK:JS-MOBILENEXTMOBILEMCP-15918166...
@waigenie/mobile-mcp (=0.0.16) potentially affected by CVE-2026-35394 via @mobilenext/mobile-mcp (=0.0.12)
@mobilenext/mobile-mcp NPM version =0.0.12 is affected by a known vulnerability. The following packages have a transitive dependency on @mobilenext/mobile-mcp and may be impacted: - @waigenie/mobile-mcp =0.0.16 Source cves: CVE-2026-35394 Source advisory: OSV:GHSA-5QHV-X9J4-C3VM...
CVE-2026-35394
creationtimestamp| type| source ---|---|--- 2026-04-02 11:04:41+00:00| published-proof-of-concept| https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm 2026-04-06 23:07:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miuexqa2cz25 2026-04-06...