{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35394", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T17:03:42.074Z", "datePublished": "2026-04-06T20:52:25.170Z", "dateUpdated": "2026-04-07T15:09:43.022Z"}, "containers": {"cna": {"title": "Mobile Next has Arbitrary Android Intent Execution via mobile_open_url", "problemTypes": [{"descriptions": [{"cweId": "CWE-939", "lang": "en", "description": "CWE-939: Improper Authorization in Handler for Custom URL Scheme", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm"}], "affected": [{"vendor": "mobile-next", "product": "mobile-mcp", "versions": [{"version": "< 0.0.50", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T20:52:25.170Z"}, "descriptions": [{"lang": "en", "value": "Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. This vulnerability is fixed in 0.0.50."}], "source": {"advisory": "GHSA-5qhv-x9j4-c3vm", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:52:14.299357Z", "id": "CVE-2026-35394", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:09:43.022Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. This vulnerability is fixed in 0.0.50."}], "id": "CVE-2026-35394", "lastModified": "2026-04-07T13:20:11.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-06T21:16:21.300", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-939"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.0.50)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "mobile-mcp", "source": "cna", "vendor": "mobile-next"}, "product": "mobile-mcp", "vendor": "mobile-next"}], "analysis": {"en": {"generated_at": "2026-04-07T02:03:39.623126+00:00", "value": {"mitigation_remediation": ["Upgrade the Mobile Next MCP server to version 0.0.50 or later.", "If immediate upgrade is not possible, restrict or disable the mobile_open_url functionality for untrusted input sources, ensuring that only trusted users can invoke the tool.", "Consider isolating the MCP server from untrusted networks and monitor its activity for anomalous intent execution attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote Command Execution"}, "threat_synthesis": {"affected_systems": "The flaw resides in the Mobile Next MCP server, specifically the mobile-mcp component of the Mobile Next platform. Devices running any version prior to 0.0.50 are susceptible. The remediation path\u2014patching or upgrading to version 0.0.50 or later\u2014removes the unchecked URL forwarding behavior.", "description_and_impact": "This vulnerability allows callers of the mobile_open_url tool to supply arbitrary URLs that are forwarded directly to Android\u2019s intent system without any validation of the URI scheme. As a result, an attacker can trigger a wide range of Android intents, including USSD codes, phone calls, SMS messages, and direct access to content providers. Because the intent is executed without checks, the attacker can potentially exfiltrate data, place calls, send messages, or manipulate other apps on the device. The weakness is identified as CWE\u2011939, which describes Remote Command Injection via unintended command execution.", "risk_and_exploitability": "With a CVSS score of 8.3, the vulnerability is considered high severity. The EPSS score is not available, and the issue is not currently listed in the CISA KEV catalog, suggesting that publicly known exploitation might be limited at present. However, the attack vector is inferred to be local or remote depending on whether the mobile_open_url tool is exposed over a network; an attacker who can supply a malicious URL to the tool can trigger the vulnerability. Without additional validation, the risk remains significant because invoking Android intents can produce a wide range of harmful outcomes."}}}}, "created": "2026-04-07T06:54:07.657822+00:00", "updated": "2026-04-07T09:37:07.692940+00:00", "vendors": ["mobile-next", "mobile-next$PRODUCT$mobile-mcp"]}