CVE-2026-12190
MEDIUMGenspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme
Title source: cnaDescription
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.
References (5)
Core 5
Core References
Signature, Permissions Required signature
permissions-required
VDB-370836 | CTI Indicators (IOB, IOC)
https://vuldb.com/vuln/370836/cti
Vdb Entry vdb-entry
VDB-370836 | Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme
https://vuldb.com/vuln/370836
Third Party Advisory third-party-advisory
CVE-2026-12190 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-12190
Third Party Advisory third-party-advisory
Submit #825558 | Genspark Genspark AI Workspace 2.8.4 (versionCode 28401) Path Traversal
https://vuldb.com/submit/825558
Scores
CVSS v3
5.3
EPSS
0.0010
EPSS Percentile
1.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-285
CWE-939
Status
published
Products (1)
Genspark/AI Workspace App
2.8.4
Published
Jun 14, 2026
Tracked Since
Jun 15, 2026