Skip to main content

Genspark AI Workspace CVE-2026-12190

| EUVDEUVD-2026-36669 MEDIUM
Improper Authorization in Handler for Custom URL Scheme (CWE-939)
2026-06-14 VulDB GHSA-vm9m-6j35-r47j
4.8
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Local-only attack via co-installed app requires low privilege (PR:L, AV:L); no scope change and uniformly low CIA impact confirmed by CVSS 4.0 source vector.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 14, 2026 - 23:28 vuln.today

DescriptionCVE.org

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper authorization in the custom URL scheme handler of Genspark AI Workspace App 2.8.4 on Android allows a local low-privileged attacker to invoke restricted application functionality via the ai.mainfunc.genspark component without proper access control. The flaw is classified under CWE-939, affecting inter-app communication on Android where the URL scheme handler fails to verify the caller's authorization. No patch is available as the vendor did not respond to responsible disclosure; no public exploit or CISA KEV confirmation exists at time of analysis.

Technical ContextAI

Android applications can register custom URL scheme handlers - also known as deep link or intent handlers - that allow external apps or processes to trigger internal functionality. CWE-939 (Improper Authorization in Handler for Custom URL Scheme) describes a class of weakness where the receiving component fails to validate whether the invoking caller is authorized to perform the requested action. In the Android security model, improperly exported activities or unprotected intent filters can be invoked by any co-resident app on the device. The affected component is ai.mainfunc.genspark within version 2.8.4 of the Genspark AI Workspace App (CPE: cpe:2.3:a:genspark:ai_workspace_app:*:*:*:*:*:*:*:*). The wildcard in the CPE version field indicates NVD has not scoped this to a specific confirmed-fixed version, suggesting the flaw may extend beyond 2.8.4 - though no vendor statement confirms this.

RemediationAI

No vendor-released patch has been identified at time of analysis - the vendor did not respond to responsible disclosure, and no fixed version is confirmed in any available reference. Users should monitor the Genspark app's Google Play Store listing for updates and apply any new release promptly once available. As compensating controls: remove or disable the Genspark AI Workspace App from devices where it handles sensitive data, as this eliminates the attack surface entirely (trade-off: loss of app functionality). Enterprise MDM administrators can use application blocklisting or allowlisting policies to prevent co-installation of untrusted apps that could abuse the URL scheme handler - this limits the threat from malicious co-installed apps without removing Genspark itself. Android 12+ users can review exported activity permissions in device settings and restrict intent handling where platform controls permit. The researcher's disclosure is documented at https://github.com/actuator/ai.mainfunc.genspark and https://vuldb.com/vuln/370836.

Share

CVE-2026-12190 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy