CVE-2026-12065: Improper Authorization in Handler for Custom URL Scheme in Groww Stock, Mutual Fund, Gold App
CVE-2026-12065 is a low-severity vulnerability in the Groww Stock, Mutual Fund, Gold App on Android up to version 20260805. It involves improper authorization in the WebView URL handler for a custom URL scheme. Exploitation requires physical device access and is considered difficult. No official patch or remediation guidance is currently available from the vendor.
AI Analysis
Technical Summary
This vulnerability affects the WebView URL handler component of the Groww Stock, Mutual Fund, Gold App on Android (up to version 20260805). Improper authorization in handling custom URL schemes could allow an attacker with physical access to the device to exploit the flaw. The attack complexity is high, and no privileges beyond limited user rights are required. The vulnerability has a low CVSS score of 1.0, indicating minimal impact and difficulty in exploitation. No official remediation or patch has been disclosed by the vendor as of the publication date.
Potential Impact
The vulnerability could allow an attacker with physical access to the device to misuse the custom URL scheme handler due to improper authorization. However, the low CVSS score and high attack complexity suggest limited impact and difficulty in exploitation. There is no indication of privilege escalation, denial of service, or data confidentiality impact beyond the described authorization issue.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should limit physical access to their devices and avoid interacting with untrusted custom URL schemes within the app.
CVE-2026-12065: Improper Authorization in Handler for Custom URL Scheme in Groww Stock, Mutual Fund, Gold App
Description
CVE-2026-12065 is a low-severity vulnerability in the Groww Stock, Mutual Fund, Gold App on Android up to version 20260805. It involves improper authorization in the WebView URL handler for a custom URL scheme. Exploitation requires physical device access and is considered difficult. No official patch or remediation guidance is currently available from the vendor.
CVSS v4.0
Score 1.0low
Affected software
cpe:2.3:a:groww:stock_mutual_fund_gold_app:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the WebView URL handler component of the Groww Stock, Mutual Fund, Gold App on Android (up to version 20260805). Improper authorization in handling custom URL schemes could allow an attacker with physical access to the device to exploit the flaw. The attack complexity is high, and no privileges beyond limited user rights are required. The vulnerability has a low CVSS score of 1.0, indicating minimal impact and difficulty in exploitation. No official remediation or patch has been disclosed by the vendor as of the publication date.
Potential Impact
The vulnerability could allow an attacker with physical access to the device to misuse the custom URL scheme handler due to improper authorization. However, the low CVSS score and high attack complexity suggest limited impact and difficulty in exploitation. There is no indication of privilege escalation, denial of service, or data confidentiality impact beyond the described authorization issue.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should limit physical access to their devices and avoid interacting with untrusted custom URL schemes within the app.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-12T07:32:56.280Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2c0c11e617e2d83475a243
Added to database: 6/12/2026, 1:39:29 PM
Last enriched: 6/12/2026, 1:54:48 PM
Last updated: 6/12/2026, 2:48:02 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.