CVE-2026-12189
LOW
1,9
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
5,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
MEDIUM
4,3
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
285
Improper Authorization
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Potential Impacts:
Read Application Data
Read Files Or Directories
Modify Application Data
Modify Files Or Directories
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
Not Technology-Specific, Web Server, Database Server
939
Improper Authorization in Handler for Custom URL Scheme
IncompleteCommon Consequences
Security Scopes Affected:
Access Control
Other
Potential Impacts:
Gain Privileges Or Assume Identity
Varies By Context
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Mobile
https://drive.google.com/file/d/1lKtJX8mhbGTiMarv2H3psd9iombJ-dIn/view?usp=shar…
https://github.com/honestcorrupt/MOOVIT-CVE-.git
https://vuldb.com/cve/CVE-2026-12189
https://vuldb.com/submit/824449
https://vuldb.com/vuln/370835
https://vuldb.com/vuln/370835/cti