Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/06 8:52 p.m.2 views

CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

8.3CVSS6.2AI score0.00387EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 8:52 p.m.21 views

CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

8.3CVSS0.00387EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

Mobile Next 安全漏洞

Mobile Next is an open-source mobile application automation development and testing tool developed by Mobile Next. Versions of Mobile Next prior to 0.0.50 contained security vulnerabilities. These vulnerabilities stemmed from the mobileopenurl tool not verifying the URL schemes provided by users,...

8.8CVSS6AI score0.00387EPSS
Exploits1References2
OSV
OSV
added 2026/04/04 5:37 a.m.4 views

GHSA-5QHV-X9J4-C3VM @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...

8.3CVSS6.3AI score0.00387EPSS
Exploits1References5
Rows per page
Query Builder