PatchSiren cyber security CVE debrief
CVE-2026-13461 PayRange CVE debrief
A critical vulnerability, CVE-2026-13461, was found in the PayRange app version 7.0.7. This vulnerability, when combined with an SSL bypass vulnerability, allows JavaScript injection into a WebView. The injected JavaScript can enable attackers to escape the WebView sandbox and perform dangerous actions on the user's device. The CVE record was published on 2026-07-09T17:16:56.997Z and was last modified on 2026-07-10T21:16:53.510Z.
- Vendor
- PayRange
- Product
- Unknown
- CVSS
- CRITICAL 9.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of PayRange version 7.0.7, as well as developers and security teams responsible for maintaining and securing mobile applications, should be aware of this vulnerability. Given the critical severity and potential impact, immediate attention is advised to assess exposure and apply necessary patches or mitigations.
Technical summary
CVE-2026-13461 is a critical vulnerability in the PayRange app version 7.0.7. The vulnerability allows for JavaScript injection into a WebView when coupled with an SSL bypass vulnerability. This injection enables attackers to escape the WebView sandbox and perform a number of dangerous actions on the user's device. The vulnerability has a CVSS score of 9.6 and is classified as CRITICAL. Users of PayRange version 7.0.7 should assess exposure and apply necessary patches or mitigations. The CVE record and NVD detail provide information on the vulnerability, but additional research may be necessary to fully understand the scope and impact.
Defensive priority
High
Recommended defensive actions
- Immediately assess if the PayRange app version 7.0.7 is in use within the organization.
- Apply the latest patch or update for the PayRange app to mitigate the vulnerability.
- Implement additional monitoring to detect potential exploitation attempts.
- Review and enforce secure coding practices for mobile application development.
- Consider compensating controls, such as network monitoring and intrusion detection systems, to help detect and prevent exploitation.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. However, further details about the vendor, product, and affected versions are limited. Additional research and verification may be necessary to fully understand the scope and impact of this vulnerability.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:16:56.997Z and has not been modified since then.