CVE-2026-12189 | Moovit Bus & Public Transit App 1.18 on Android com.tranzmate improper authorization in handler for custom url scheme

Inserito da Angelo Barbosa | Giu 14, 2026 | CVE

A vulnerability, which was classified as problematic, was found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme.

The identification of this vulnerability is CVE-2026-12189. The attack can only be executed locally. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12189 | Moovit Bus & Public Transit App 1.18 on Android com.tranzmate improper authorization in handler for custom url scheme

Post correlati

CVE-2024-23726 | Ubee DDW365 XCNDDW365/DDW366 XCNDXW3WB WPA2-PSK default credentials

CVE-2026-54055 | kovidgoyal kitty up to 0.47.1 os.open link following (GHSA-q446-x7q6-vcxh)

CVE-2024-2616 | Mozilla Firefox ESR up to 115.8 denial of service

CVE-2025-0701 | JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d /admin/sys/user/list sort sql injection