4 matches found
CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
Mobile Next 安全漏洞
Mobile Next is an open-source mobile application automation development and testing tool developed by Mobile Next. Versions of Mobile Next prior to 0.0.50 contained security vulnerabilities. These vulnerabilities stemmed from the mobileopenurl tool not verifying the URL schemes provided by users,...
GHSA-5QHV-X9J4-C3VM @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...