CVE-2026-5682

LOW

Meesho Online Shopping App com.meesho.supply endpoint risky encryption

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-5682. PoCs published by honestcorrupt.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2026-5682, an improper encryption vulnerability in the Meesho Android app. It highlights the use of AES-CBC without integrity protection and weak MD5-based key derivation, along with proof-of-concept steps for tampering with encrypted payloads.

Description

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. It affects an unknown function of the file /api/endpoint of the component com.meesho.supply. Manipulation of this function results in the use of a risky cryptographic algorithm. The attack can be performed remotely. The attack requires a high level of complexity, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WRITEUP
by honestcorrupt · poc
https://github.com/honestcorrupt/meesho-android-improper-encryption-cve-2026-5682

Classification: Writeup 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: Meesho Android App (com.meesho.supply)
No auth needed
Prerequisites: Burp Suite or similar proxy tool · Meesho Android app installed
devstral-2 · analyzed May 11, 2026

References (4)

Core References
VDB Entry
VDB-355509 | Meesho Online Shopping App com.meesho.supply endpoint risky encryption
https://vuldb.com/vuln/355509
Signature, Permissions Required
VDB-355509 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/355509/cti
Third Party Advisory
Submit #792717 | Meesho Android Application 27.3 Cryptographic Issue / Improper Encryption
https://vuldb.com/submit/792717

Scores

CVSS v3 3.7
EPSS 0.0019
EPSS Percentile 8.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-310, CWE-327
Status published
Products (4)
Meesho/Online Shopping App 27.0
Meesho/Online Shopping App 27.1
Meesho/Online Shopping App 27.2
Meesho/Online Shopping App 27.3
Published Apr 06, 2026
Tracked Since Apr 07, 2026