CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24490

MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The `android:host` attribute from `<data android:scheme="android_secret_code">` elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover. Version 4.4.5 fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.0%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2026-24490

Opensecurity » Mobile Security Framework » Version: N/A

cpe:2.3:a:opensecurity:mobile_security_framework:-
Opensecurity » Mobile Security Framework » Version: 0.8.3

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.3
Opensecurity » Mobile Security Framework » Version: 0.8.4

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.4
Opensecurity » Mobile Security Framework » Version: 0.8.5

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.5
Opensecurity » Mobile Security Framework » Version: 0.8.6

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.6
Opensecurity » Mobile Security Framework » Version: 0.8.7

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.7
Opensecurity » Mobile Security Framework » Version: 0.8.8

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.8
Opensecurity » Mobile Security Framework » Version: 0.8.8.1

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.8.1
Opensecurity » Mobile Security Framework » Version: 0.8.8.2

cpe:2.3:a:opensecurity:mobile_security_framework:0.8.8.2
Opensecurity » Mobile Security Framework » Version: 0.9

cpe:2.3:a:opensecurity:mobile_security_framework:0.9
Opensecurity » Mobile Security Framework » Version: 0.9.1

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.1
Opensecurity » Mobile Security Framework » Version: 0.9.2

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.2
Opensecurity » Mobile Security Framework » Version: 0.9.3

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3
Opensecurity » Mobile Security Framework » Version: 0.9.3.1

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3.1
Opensecurity » Mobile Security Framework » Version: 0.9.3.2

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3.2
Opensecurity » Mobile Security Framework » Version: 0.9.3.3

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3.3
Opensecurity » Mobile Security Framework » Version: 0.9.3.4

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3.4
Opensecurity » Mobile Security Framework » Version: 0.9.3.5

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3.5
Opensecurity » Mobile Security Framework » Version: 0.9.3.6

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3.6
Opensecurity » Mobile Security Framework » Version: 0.9.3.7

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.3.7
Opensecurity » Mobile Security Framework » Version: 0.9.4

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.4
Opensecurity » Mobile Security Framework » Version: 0.9.4.1

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.4.1
Opensecurity » Mobile Security Framework » Version: 0.9.4.2

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.4.2
Opensecurity » Mobile Security Framework » Version: 0.9.5

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.5
Opensecurity » Mobile Security Framework » Version: 0.9.5.2

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.5.2
Opensecurity » Mobile Security Framework » Version: 0.9.5.4

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.5.4
Opensecurity » Mobile Security Framework » Version: 0.9.5.5

cpe:2.3:a:opensecurity:mobile_security_framework:0.9.5.5
Opensecurity » Mobile Security Framework » Version: 1.0.3

cpe:2.3:a:opensecurity:mobile_security_framework:1.0.3
Opensecurity » Mobile Security Framework » Version: 1.1.5

cpe:2.3:a:opensecurity:mobile_security_framework:1.1.5
Opensecurity » Mobile Security Framework » Version: 1.1.6

cpe:2.3:a:opensecurity:mobile_security_framework:1.1.6
Opensecurity » Mobile Security Framework » Version: 2.0.0

cpe:2.3:a:opensecurity:mobile_security_framework:2.0.0
Opensecurity » Mobile Security Framework » Version: 3.0.0

cpe:2.3:a:opensecurity:mobile_security_framework:3.0.0
Opensecurity » Mobile Security Framework » Version: 3.0.1

cpe:2.3:a:opensecurity:mobile_security_framework:3.0.1
Opensecurity » Mobile Security Framework » Version: 3.0.5

cpe:2.3:a:opensecurity:mobile_security_framework:3.0.5
Opensecurity » Mobile Security Framework » Version: 3.1.1

cpe:2.3:a:opensecurity:mobile_security_framework:3.1.1
Opensecurity » Mobile Security Framework » Version: 3.2.6

cpe:2.3:a:opensecurity:mobile_security_framework:3.2.6
Opensecurity » Mobile Security Framework » Version: 3.2.8

cpe:2.3:a:opensecurity:mobile_security_framework:3.2.8
Opensecurity » Mobile Security Framework » Version: 3.2.9

cpe:2.3:a:opensecurity:mobile_security_framework:3.2.9
Opensecurity » Mobile Security Framework » Version: 3.3.3

cpe:2.3:a:opensecurity:mobile_security_framework:3.3.3
Opensecurity » Mobile Security Framework » Version: 3.3.5

cpe:2.3:a:opensecurity:mobile_security_framework:3.3.5
Opensecurity » Mobile Security Framework » Version: 3.4.0

cpe:2.3:a:opensecurity:mobile_security_framework:3.4.0
Opensecurity » Mobile Security Framework » Version: 3.4.3

cpe:2.3:a:opensecurity:mobile_security_framework:3.4.3
Opensecurity » Mobile Security Framework » Version: 3.4.6

cpe:2.3:a:opensecurity:mobile_security_framework:3.4.6
Opensecurity » Mobile Security Framework » Version: 3.5.0

cpe:2.3:a:opensecurity:mobile_security_framework:3.5.0
Opensecurity » Mobile Security Framework » Version: 3.6.0

cpe:2.3:a:opensecurity:mobile_security_framework:3.6.0
Opensecurity » Mobile Security Framework » Version: 3.6.9

cpe:2.3:a:opensecurity:mobile_security_framework:3.6.9
Opensecurity » Mobile Security Framework » Version: 3.7.6

cpe:2.3:a:opensecurity:mobile_security_framework:3.7.6
Opensecurity » Mobile Security Framework » Version: 3.7.8

cpe:2.3:a:opensecurity:mobile_security_framework:3.7.8
Opensecurity » Mobile Security Framework » Version: 3.9.7

cpe:2.3:a:opensecurity:mobile_security_framework:3.9.7
Opensecurity » Mobile Security Framework » Version: 3.9.8

cpe:2.3:a:opensecurity:mobile_security_framework:3.9.8
Opensecurity » Mobile Security Framework » Version: 4.0.5

cpe:2.3:a:opensecurity:mobile_security_framework:4.0.5
Opensecurity » Mobile Security Framework » Version: 4.0.6

cpe:2.3:a:opensecurity:mobile_security_framework:4.0.6
Opensecurity » Mobile Security Framework » Version: 4.0.7

cpe:2.3:a:opensecurity:mobile_security_framework:4.0.7
Opensecurity » Mobile Security Framework » Version: 4.2.9

cpe:2.3:a:opensecurity:mobile_security_framework:4.2.9
Opensecurity » Mobile Security Framework » Version: 4.3.0

cpe:2.3:a:opensecurity:mobile_security_framework:4.3.0
Opensecurity » Mobile Security Framework » Version: 4.3.1

cpe:2.3:a:opensecurity:mobile_security_framework:4.3.1
Opensecurity » Mobile Security Framework » Version: 4.3.2

cpe:2.3:a:opensecurity:mobile_security_framework:4.3.2
Opensecurity » Mobile Security Framework » Version: 4.3.3

cpe:2.3:a:opensecurity:mobile_security_framework:4.3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24490

Products

Pricing

Contact Us