Groww Stock, Mutual Fund, Gold App WebView URL improper authorization...

1 / 10

LOW

CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

Basic Information

ID CVE-2026-12065

Source VulDB

Published Jun 12, 2026 at 12:30

Modified Jun 12, 2026 at 15:19

Affected Product

Vendor Groww

Product Stock, Mutual Fund, Gold App

Version 20260805

Affected Versions Groww Stock, Mutual Fund, Gold App 20260805

CWE Classification

CWE-939 CWE-285

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.",
    "published": "2026-06-12T12:30:08.900Z",
    "modified": "2026-06-12T15:19:01.719Z",
    "type": "cve",
    "title": "Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/370560\nhttps://vuldb.com/vuln/370560/cti\nhttps://vuldb.com/cve/CVE-2026-12065\nhttps://vuldb.com/submit/822984\nhttps://github.com/honestcorrupt/Groww-Android-Application-Unsafe-WebView-URL-Handling-Weak-Client-Side-App-Lock-Enforcement.git\nhttps://drive.google.com/drive/folders/1r9t4AuG747PmRbgLmY2CztsX5PTjQL19",
    "id": "CVE-2026-12065",
    "bulletinFamily": "",
    "cwe": [
        "CWE-939",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "Groww Stock, Mutual Fund, Gold App 20260805",
    "sourceHref": "",
    "cvss": {
        "score": 1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Stock, Mutual Fund, Gold App",
    "version": "20260805",
    "vendor": "Groww",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme_CVE-2026-12065