Improper Authorization Vulnerability in Genspark AI Workspace App on Android
CVE-2026-12190

4.8MEDIUM

Key Information:

Vendor

Genspark

Status
Ai Workspace App
Vendor
CVE Published:
14 June 2026

What is CVE-2026-12190?

A vulnerability in the Genspark AI Workspace App version 2.8.4 for Android has been identified, affecting the ai.mainfunc.genspark component. This vulnerability allows an attacker to manipulate the application and gain improper authorization through handling of custom URL schemes. It is important to note that this attack requires access to the local environment, making it particularly concerning for users who may have insecure configurations or use shared devices. Despite early disclosure attempts, the vendor has not responded to address the reported issue.

Affected Version(s)

AI Workspace App 2.8.4

References

https://vuldb.com/vuln/370836
vdb-entry
https://vuldb.com/vuln/370836/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-12190
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Actuator (VulDB User)
VulDB CNA Team
.