CVE-2026-12190

5.3 MEDIUM

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android

Published: 2026-06-14 · Last updated: 2026-06-15

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-285, CWE-939

Description

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-12190
[Other]https://github.com/actuator/ai.mainfunc.genspark
[Other]https://vuldb.com/cve/CVE-2026-12190
[Other]https://vuldb.com/submit/825558
[Other]https://vuldb.com/vuln/370836
[Other]https://vuldb.com/vuln/370836/cti

Related CVEs

Same CWE

CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
CVE-2026-12189 — A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android (5.3 MEDIUM)
CVE-2026-49397 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)
CVE-2026-53408 — Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may a... (8.1 HIGH)