Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for...

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-12190

Source VulDB

Published Jun 14, 2026 at 22:45

Affected Product

Vendor Genspark

Product AI Workspace App

Version 2.8.4

Affected Versions Genspark AI Workspace App 2.8.4

CWE Classification

CWE-939 CWE-285

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-14T22:45:07.816Z",
    "modified": "2026-06-14T22:45:07.816Z",
    "type": "cve",
    "title": "Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/370836\nhttps://vuldb.com/vuln/370836/cti\nhttps://vuldb.com/cve/CVE-2026-12190\nhttps://vuldb.com/submit/825558\nhttps://github.com/actuator/ai.mainfunc.genspark",
    "id": "CVE-2026-12190",
    "bulletinFamily": "",
    "cwe": [
        "CWE-939",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "Genspark AI Workspace App 2.8.4",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AI Workspace App",
    "version": "2.8.4",
    "vendor": "Genspark",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme_CVE-2026-12190