CVE-2026-5682

LOW

Meesho Online Shopping App com.meesho.supply endpoint risky encryption

Title source: cna

Description

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

References (4)

[Vdb Entry] https://vuldb.com/vuln/355509

[Signature, Permissions Required] https://vuldb.com/vuln/355509/cti

[Third Party Advisory] https://vuldb.com/submit/792717

[Exploit] https://github.com/honestcorrupt/MEESHO-CVE

View Exploit ZIP pw:eip

Scores

CVSS v3 3.7

EPSS 0.0002

EPSS Percentile 3.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-310 CWE-327

Status published

Products (4)

Meesho/Online Shopping App 27.0

Meesho/Online Shopping App 27.1

Meesho/Online Shopping App 27.2

Meesho/Online Shopping App 27.3

Published Apr 06, 2026

Tracked Since Apr 07, 2026