CVE-2026-12189

CVE Database · CVE-2026-12189

CVE-2026-12189

· MEDIUMReceived

CVSS v3.1

5.3

CVSS v4.0

1.9

EPSS

0.10%

Published

Jun 14, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-285CWE-939

References (8)

https://drive.google.com/file/d/1lKtJX8mhbGTiMarv2H3psd9iombJ-dIn/view?usp=sharing

https://github.com/honestcorrupt/MOOVIT-CVE-.git

https://vuldb.com/cve/CVE-2026-12189

https://vuldb.com/submit/824449

https://vuldb.com/vuln/370835

https://vuldb.com/vuln/370835/cti

https://github.com/honestcorrupt/MOOVIT-CVE-.git

https://vuldb.com/submit/824449

KEV Catalog EPSS Scores Vendors All CVEs