Cyber Posture

CVE-2026-35394

High · Public PoC

Published: 06 April 2026
Modified: 09 April 2026
KEV Added: not listed
Patch: (no entry)
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H)
EPSS Score: 0.0002 (5.6th percentile)
Risk Priority: 17 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-35394 is a high-severity Improper Authorization in Handler for Custom URL Scheme (CWE-939) vulnerability in Mobilenexthq Mobile Mcp. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 5.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 (Information Input Validation), prevent: Directly requires validation of user-supplied URLs in the mobile_open_url tool to block invalid schemes and prevent arbitrary Android intent execution.

SI-2 (Flaw Remediation), prevent: Ensures timely remediation of the flaw by patching to version 0.0.50 or later, as recommended in the GitHub security advisory.

prevent: Enforces access control policies to restrict unauthorized execution of Android intents triggered by unvalidated URL inputs.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

The vulnerability sits in a network-accessible MCP server (a public-facing application) and allows remote exploitation via a malicious URL because no scheme validation is performed; the attack requires tricking a user into invoking the mobile_open_url tool with a malicious link, which then triggers arbitrary Android intents.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. This vulnerability is fixed in 0.0.50.

Deeper analysis

CVE-2026-35394 affects Mobile Next, an MCP server for mobile development and automation, specifically the mobile_open_url tool in the mobile-mcp component prior to version 0.0.50. The vulnerability stems from passing user-supplied URLs directly to Android's intent system without scheme validation, enabling the execution of arbitrary Android intents. This issue, classified under CWE-939 (Improper Authorization in Handler for Custom URL Scheme), carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H).

An attacker can exploit this vulnerability remotely over the network with low complexity and no required privileges, but it necessitates user interaction, such as tricking a user into invoking the mobile_open_url tool with a malicious URL. Successful exploitation allows the execution of arbitrary Android intents, potentially leading to actions like dialing USSD codes, initiating phone calls, sending SMS messages, or accessing content providers, resulting in high integrity and availability impacts alongside low confidentiality impact.

The GitHub security advisory for mobile-next/mobile-mcp (GHSA-5qhv-x9j4-c3vm) confirms the vulnerability is fixed in version 0.0.50, recommending users upgrade to this or later versions to mitigate the issue. No additional workarounds are specified in the provided references.
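The scheme check that SI-10 calls for, shown as an added example rather than mobile-mcp's own code: a validator that a mobile_open_url-style tool would run before handing a URL to Android's intent system. It assumes an allowlist of http and https only and Node's WHATWG URL parser; the function name and the constructed sample inputs are illustrative.

```typescript
// Added example (not mobile-mcp's code): allowlist-based URL scheme validation of the
// kind a CWE-939 fix requires, run before a URL is passed to an Android intent.
// Assumption: a mobile-automation tool only needs web URLs, so http and https are
// allowed and every other scheme (tel:, sms:, content:, ...) is refused.

const ALLOWED_SCHEMES: ReadonlySet<string> = new Set(["http:", "https:"]);

interface UrlCheck {
  ok: boolean;
  normalized?: string; // canonical form to hand to the intent when ok
  reason?: string;     // why the input was refused when !ok
}

function validateOpenUrl(input: string): UrlCheck {
  let url: URL;
  try {
    url = new URL(input); // throws on relative or malformed input
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  // The parser lowercases the scheme, so "TEL:" is caught as well as "tel:".
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `scheme '${url.protocol.slice(0, -1)}' not allowed` };
  }
  if (url.hostname === "") {
    return { ok: false, reason: "missing host" };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials in URL not allowed" };
  }
  return { ok: true, normalized: url.toString() };
}

// Constructed sample inputs: the first is what the tool should accept; the others
// are the scheme classes the advisory names (dialer/USSD, SMS, content providers).
const SAMPLE_INPUTS = [
  "https://example.com/docs",
  "tel:5550100",
  "sms:5550100",
  "content://com.example.provider/items",
];

for (const sample of SAMPLE_INPUTS) {
  const r = validateOpenUrl(sample);
  console.log(`${r.ok ? "ALLOW " : "REFUSE"} ${sample}${r.ok ? "" : ` (${r.reason})`}`);
}
```

Only the normalized form returned for an allowed URL should be forwarded to the intent; the raw input is never passed through.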

Details

CWE(s): CWE-939 Improper Authorization in Handler for Custom URL Scheme

Affected Products

mobilenexthq mobile mcp, versions ≤ 0.0.50

AI Security Analysis

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: mcp, mcp

CVEs Like This One

CVE-2026-33989: same product (Mobilenexthq Mobile Mcp)
CVE-2026-1046: shared CWE-939
CVE-2026-33335: shared CWE-939