Skip to main content

Ai Workspace App

1 CVEs product

Monthly

CVE-2026-12190 MEDIUM This Month

Improper authorization in the custom URL scheme handler of Genspark AI Workspace App 2.8.4 on Android allows a local low-privileged attacker to invoke restricted application functionality via the ai.mainfunc.genspark component without proper access control. The flaw is classified under CWE-939, affecting inter-app communication on Android where the URL scheme handler fails to verify the caller's authorization. No patch is available as the vendor did not respond to responsible disclosure; no public exploit or CISA KEV confirmation exists at time of analysis.

Google Information Disclosure Ai Workspace App
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.1%
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper authorization in the custom URL scheme handler of Genspark AI Workspace App 2.8.4 on Android allows a local low-privileged attacker to invoke restricted application functionality via the ai.mainfunc.genspark component without proper access control. The flaw is classified under CWE-939, affecting inter-app communication on Android where the URL scheme handler fails to verify the caller's authorization. No patch is available as the vendor did not respond to responsible disclosure; no public exploit or CISA KEV confirmation exists at time of analysis.

Google Information Disclosure Ai Workspace App
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy