CVE-2026-12065
Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme
| CVSS Score | 1.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A vulnerability was identified in the Groww Stock, Mutual Fund, Gold App for Android, up to version 20260805. It affects an unknown part of the WebView URL Handler component. Manipulation leads to improper authorization in the handler for a custom URL scheme. The attack can be launched on the physical device. The attack complexity is rather high, and exploitability is indicated to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
| CWE | CWE-939 CWE-285 |
| Vendor | groww |
| Product | stock, mutual fund, gold app |
| Published | Jun 12, 2026 |
| Last Updated | Jun 12, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Affected Versions
Groww / Stock, Mutual Fund, Gold App
20260805
References
vuldb.com: https://vuldb.com/vuln/370560
vuldb.com: https://vuldb.com/vuln/370560/cti
vuldb.com: https://vuldb.com/cve/CVE-2026-12065
vuldb.com: https://vuldb.com/submit/822984
github.com: https://github.com/honestcorrupt/Groww-Android-Application-Unsafe-WebView-URL-Handling-Weak-Client-Side-App-Lock-Enforcement.git
drive.google.com: https://drive.google.com/drive/folders/1r9t4AuG747PmRbgLmY2CztsX5PTjQL19
github.com: https://github.com/honestcorrupt/CVE-req-Groww-Android-Application-Unsafe-WebView-URL-Handling-Weak-Client-Side-App-Lock-Enforcement
Credits
honest_corrupt (VulDB User)
VulDB CNA Team