Insufficient URL Validation in RoboForm Password Manager by Siber Systems, Inc.
CVE-2026-47782
4.6 MEDIUM
What is CVE-2026-47782?
The RoboForm Password Manager application for Android by Siber Systems, Inc. is susceptible to a vulnerability that compromises user security. The application fails to adequately validate URLs passed via Android intents, allowing potential attackers to specify malicious web addresses. Consequently, this flaw permits the app to silently download files without any form of user confirmation or notification, creating an opportunity for unauthorized access to personal data. Users of RoboForm should be aware of this vulnerability and monitor for any updates or patches from the vendor.
Affected Version(s)
Android App "RoboForm Password Manager" 9.8.6.3 and prior
CVSS V4
Score: 4.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
CVSS V3.0
Score: 3.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
