CVE-2026-35394 · HIGH 8.8 · EPSS p30.3%

CVE-2026-35394

Description

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. This vulnerability is fixed in 0.0.50.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.39% probability of exploitation · percentile 30.3% · 2026-06-19T12:03:05Z
Published: 2026-04-06
Last modified: 2026-04-09

Underlying weaknesses · 1

CWE-939

References

  1. https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm


Type      | Target                                                              | Confidence | Tier
Weakness  | Improper Authorization in Handler for Custom URL Scheme (CWE-939)   | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-59834
CVE: CVE-2025-61492
CVE: CVE-2025-6514
CVE: Android Framework Privilege Escalation Vulnerability
CVE: CVE-2025-2190
CVE: CVE-2026-21037
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.