CVE-2026-12189
5.3 MEDIUMA flaw has been found in Moovit Bus & Public Transit App 1.18 on Android
Published: 2026-06-14 · Last updated: 2026-06-14
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-285, CWE-939
Description
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-12189
- [Other]https://drive.google.com/file/d/1lKtJX8mhbGTiMarv2H3psd9iombJ-dIn/view?usp=sharing
- [Other]https://github.com/honestcorrupt/MOOVIT-CVE-.git
- [Other]https://vuldb.com/cve/CVE-2026-12189
- [Other]https://vuldb.com/submit/824449
- [Other]https://vuldb.com/vuln/370835
- [Other]https://vuldb.com/vuln/370835/cti
Related CVEs
Same CWE
- CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
- CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
- CVE-2026-12190 — A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android (5.3 MEDIUM)
- CVE-2026-49397 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)
- CVE-2026-53408 — Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may a... (8.1 HIGH)