Description
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-14
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Genspark AI Workspace App version 2.8.4 on Android permits an attacker to influence the handling of a custom URL scheme without proper authorization checks. The vulnerability is classified as improper authorization (CWE-285) and improper authorization in a handler for a custom URL scheme (CWE-939). While the attack surface is limited to a local environment, successful exploitation could allow local users to invoke privileged actions through the custom URL scheme, potentially exposing sensitive data or manipulating the application state.

Affected Systems

Affected are users running Genspark AI Workspace App 2.8.4 on Android devices. The issue is tied to the ai.mainfunc.genspark component responsible for processing custom URL schemes. No other products or versions are listed as affected.

Risk and Exploitability

The CVSS score of 4.8 indicates medium severity. The EPSS score is currently unavailable, so the likelihood of exploitation is unclear. The vulnerability is not listed in CISA KEV, suggesting it has not been observed in the wild as of the data set. The attack can be performed only from a local environment: the CVSS vectors list a local attack vector (AV:L) with low privileges required (PR:L), so the attacker needs local access to the target device rather than access over a network. No mitigations or patches are referenced in the vendor’s public advisories, so the risk remains until a fix is released or the issue is otherwise mitigated.

Generated by OpenCVE AI on June 15, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Genspark AI Workspace App release that addresses the custom URL scheme authorization flaw.
  • If no update is available, disable the custom URL scheme or limit its use via device or app settings to prevent unauthenticated invocation.
  • Configure device logging and alerts to detect unexpected custom URL scheme invocations and investigate any suspicious activity.

Advisories

No advisories yet.

History

Sun, 14 Jun 2026 23:15:00 +0000

Values Removed: none

Values Added:

  • Description: A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.
  • Title: Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme
  • First Time appeared: Genspark; Genspark ai Workspace App
  • Weaknesses: CWE-285, CWE-939
  • CPEs: cpe:2.3:a:genspark:ai_workspace_app:*:*:*:*:*:*:*:*
  • Vendors & Products: Genspark; Genspark ai Workspace App
  • References:
  • Metrics:
    cvssV2_0: score 4.3, vector AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR
    cvssV3_0: score 5.3, vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
    cvssV3_1: score 5.3, vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
    cvssV4_0: score 4.8, vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-14T22:45:07.816Z

Reserved: 2026-06-14T06:38:49.912Z

Link: CVE-2026-12190

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-14T23:16:35.807

Modified: 2026-06-14T23:16:35.807

Link: CVE-2026-12190

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T00:30:07Z

Weaknesses
  • CWE-285: Improper Authorization
  • CWE-939: Improper Authorization in Handler for Custom URL Scheme