Skip to main content

PayRange CVE-2026-13461

| EUVDEUVD-2026-42635 CRITICAL
2026-07-09 cret@cert.org GHSA-g8qr-vqpc-qjpw
9.6
CVSS 3.1 · Vendor: cert
Share

Severity by source

Vendor (cert) PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

AC:H because exploitation requires an SSL-bypass/MITM position; UI:R for required user interaction; S:C and high C/I/A reflect the WebView sandbox escape to device-level actions.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N

Primary rating from Vendor (cert).

CVSS VectorVendor: cert

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 10, 2026 - 21:34 vuln.today
CVSS changed
Jul 10, 2026 - 21:22 NVD
9.6 (CRITICAL)
CVE Published
Jul 09, 2026 - 17:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.

AnalysisAI

WebView sandbox escape in the PayRange 7.0.7 mobile payment app allows a network attacker to inject arbitrary JavaScript into the app's embedded WebView when chained with a separate SSL/TLS bypass, then invoke privileged JavaScript-to-native function calls to break out of the sandbox and perform dangerous actions on the victim's device. Affected users are those running PayRange 7.0.7 who can be induced to open attacker-influenced content while an attacker holds a man-in-the-middle position. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Gain man-in-the-middle network position
Delivery
Abuse SSL bypass to intercept TLS
Exploit
Inject JavaScript into app WebView
Install
User interaction loads malicious script
C2
Call native bridge functions
Execute
Escape WebView sandbox
Impact
Perform dangerous actions on device

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to also leverage the app's SSL bypass vulnerability to intercept and modify the PayRange 7.0.7 app's TLS traffic - i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, score 9.6) rates this critical with network reach, no privileges, and a scope change reflecting the sandbox escape, but it requires user interaction (UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A victim running PayRange 7.0.7 connects to an attacker-controlled or compromised Wi-Fi network; the attacker exploits the SSL bypass to intercept the app's HTTPS traffic and inject malicious JavaScript into the app's WebView. When the victim interacts with the app, the injected script invokes the exposed native function calls to escape the WebView sandbox and perform dangerous actions on the device. …
Remediation No vendor-released patched version is identified in the available data, so a specific fix version cannot be cited; monitor the CERT/CC advisory (https://kb.cert.org/vuls/id/152953) and PayRange's app-store listings and upgrade to any release later than 7.0.7 as soon as the vendor confirms a fix, since this is a client-side app fix that only takes effect once users update. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all PayRange 7.0.7 deployments across mobile endpoints and restricted networks; notify affected users to avoid public WiFi/untrusted networks during PayRange usage. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13461 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy