CVE-2026-12065
LOWGroww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme
Title source: cnaDescription
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
References (7)
Core 7
Core References
Vdb Entry vdb-entry
VDB-370560 | Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme
https://vuldb.com/vuln/370560
Signature, Permissions Required signature
permissions-required
VDB-370560 | CTI Indicators (IOB, IOC)
https://vuldb.com/vuln/370560/cti
Third Party Advisory third-party-advisory
CVE-2026-12065 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-12065
Third Party Advisory third-party-advisory
Submit #822984 | Groww Groww Android Application Latest Available Version Weak Client-Side Protection and Unsafe WebView URL Handling
https://vuldb.com/submit/822984
Scores
CVSS v3
1.8
EPSS
0.0011
EPSS Percentile
1.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-285
CWE-939
Status
published
Products (1)
Groww/Stock, Mutual Fund, Gold App
20260805
Published
Jun 12, 2026
Tracked Since
Jun 12, 2026