CVE-2026-12065
LowCVSS 1.8Summary
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App on Android, affecting an unknown part of the WebView URL Handler component. The manipulation leads to improper authorization in the handler for custom URL scheme.
Risk Assessment
The attack can be launched on a physical device, and its complexity is rather high. A publicly available exploit exists that might be used.
Recommendation
It is recommended to update the application to the latest version and monitor for potential attacks related to this vulnerability.
Original NVD description (English source)
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

