PatchSiren cyber security CVE debrief
CVE-2026-12065 Groww CVE debrief
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used.
- Vendor
- Groww
- Product
- Stock, Mutual Fund, Gold App
- CVSS
- LOW 0.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Groww Stock, Mutual Fund, Gold App up to 20260805 on Android
Technical summary
The vulnerability affects the WebView URL Handler in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android, allowing improper authorization in handler for custom url scheme.
Defensive priority
Low
Recommended defensive actions
- Update Groww Stock, Mutual Fund, Gold App to the latest version
- Use secure URL handling practices
Evidence notes
The vendor was contacted early about this disclosure.
Official resources
-
CVE-2026-12065 CVE record
CVE.org
-
CVE-2026-12065 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
- Source reference
- Source reference
- Source reference
- Source reference
- Source reference
-
Source reference
134c704f-9b21-4f2e-91b3-4a467353bcc0
CVE-2026-12065 was published on 2026-06-12T14:16:30.413Z and modified on 2026-06-12T16:16:27.273Z.