CVE-2026-5682: Risky Cryptographic Algorithm in Meesho Online Shopping App
CVE-2026-5682 is a medium severity vulnerability in the Meesho Online Shopping App for Android versions up to 27. 3. It involves the use of a risky cryptographic algorithm in an unknown function within the /api/endpoint component com. meesho. supply. The vulnerability can be exploited remotely but requires a high level of complexity, making exploitation difficult. Although the exploit has been publicly disclosed, there are no known exploits in the wild. No official patch or remediation guidance has been provided yet.
AI Analysis
Technical Summary
This vulnerability affects the Meesho Online Shopping App on Android versions 27.0 through 27.3. It stems from the use of a risky cryptographic algorithm in an unspecified function of the /api/endpoint within the com.meesho.supply component. The vulnerability is remotely exploitable without user interaction or privileges but requires high attack complexity. The CVSS 4.0 base score is 6.3, indicating medium severity. No official remediation or patch is currently available, and no known active exploitation has been reported.
Potential Impact
The vulnerability could potentially allow an attacker to compromise cryptographic protections within the app, possibly affecting data confidentiality or integrity. However, the attack complexity is high, and there are no known exploits in the wild, which limits immediate risk. The lack of privileges and user interaction required reduces the attack surface somewhat, but the risky cryptographic algorithm could weaken security guarantees of the app's communications or data handling.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from Meesho and apply them promptly once available. No specific temporary mitigations are documented.
CVE-2026-5682: Risky Cryptographic Algorithm in Meesho Online Shopping App
Description
CVE-2026-5682 is a medium severity vulnerability in the Meesho Online Shopping App for Android versions up to 27. 3. It involves the use of a risky cryptographic algorithm in an unknown function within the /api/endpoint component com. meesho. supply. The vulnerability can be exploited remotely but requires a high level of complexity, making exploitation difficult. Although the exploit has been publicly disclosed, there are no known exploits in the wild. No official patch or remediation guidance has been provided yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the Meesho Online Shopping App on Android versions 27.0 through 27.3. It stems from the use of a risky cryptographic algorithm in an unspecified function of the /api/endpoint within the com.meesho.supply component. The vulnerability is remotely exploitable without user interaction or privileges but requires high attack complexity. The CVSS 4.0 base score is 6.3, indicating medium severity. No official remediation or patch is currently available, and no known active exploitation has been reported.
Potential Impact
The vulnerability could potentially allow an attacker to compromise cryptographic protections within the app, possibly affecting data confidentiality or integrity. However, the attack complexity is high, and there are no known exploits in the wild, which limits immediate risk. The lack of privileges and user interaction required reduces the attack surface somewhat, but the risky cryptographic algorithm could weaken security guarantees of the app's communications or data handling.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from Meesho and apply them promptly once available. No specific temporary mitigations are documented.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-06T10:00:34.320Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d4982faaed68159ac9fe08
Added to database: 4/7/2026, 5:37:51 AM
Last enriched: 4/14/2026, 4:12:10 PM
Last updated: 5/23/2026, 3:42:08 AM
Views: 62
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.