Platform
nodejs
Component
@mobilenext/mobile-mcp
Fixed in
0.0.51
0.0.50
CVE-2026-35394 is a high-severity vulnerability affecting the @mobilenext/mobile-mcp component. This flaw allows attackers to execute arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access, by exploiting a lack of URL scheme validation. The vulnerability impacts versions prior to 0.0.50 and can be mitigated by upgrading to version 0.0.50.
The mobileopenurl tool within @mobilenext/mobile-mcp is vulnerable because it directly passes user-supplied URLs to Android's intent system without proper scheme validation. This means an attacker can craft a malicious URL containing schemes like tel:, sms:, mailto:, content://, or market:// and trick a user or automated process into executing it. Successful exploitation could lead to unauthorized phone calls, SMS messages being sent, sensitive data being accessed through content providers, or even the installation of malicious applications from the Google Play Store. Given that MCP servers are designed to be operated by AI agents, this vulnerability presents a significant risk of automated exploitation and potential compromise of the entire system.
CVE-2026-35394 was published on 2026-04-04. Public proof-of-concept (POC) code is currently unknown, but the vulnerability's simplicity suggests a high probability of such code emerging. Given the component's use in automated AI agent workflows, the potential for automated exploitation is significant. The vulnerability is not currently listed on CISA KEV, but its high CVSS score warrants monitoring.
Exploit Status
EPSS
0.05% (16th percentile)
The primary mitigation for CVE-2026-35394 is to upgrade to version 0.0.50 of @mobilenext/mobile-mcp, which includes the necessary URL scheme validation. If upgrading is not immediately feasible, consider placing a Web Application Firewall (WAF) or proxy in front of the server to filter incoming URLs and block those with potentially malicious schemes. Specifically, block any URL containing tel:, sms:, mailto:, content://, or market:// before it is passed to the mobileopenurl function. Additionally, review and restrict the permissions granted to the MCP server to minimize the impact of a successful exploit.
Update to version 0.0.50 or later to mitigate the vulnerability. This version implements URL scheme validation to prevent arbitrary Android intent execution.
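The following is an added example, not code from @mobilenext/mobile-mcp, showing the scheme validation the advisory describes for an open-URL tool: an allowlist check in front of the sink, with the unchecked pass-through beside it for contrast. All names (validateOpenUrl, openUrlUnchecked, openUrlChecked, the sink callback) are hypothetical, and the sink stands in for whatever actually hands the URL to the device.

```javascript
// Added example (hypothetical names; not the @mobilenext/mobile-mcp code).
// Uses Node's global WHATWG URL parser; no third-party modules needed.

// Only browser-resolvable schemes are allowed. Everything else (tel:, sms:,
// mailto:, content://, market://, intent://, javascript:, ...) is rejected by
// omission rather than enumerated in a blocklist, so unknown schemes fail closed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const MAX_URL_LENGTH = 2048;

// Returns { ok: true, url } with the normalized URL, or { ok: false, reason }.
function validateOpenUrl(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > MAX_URL_LENGTH) {
    return { ok: false, reason: "input is not a non-empty string of sane length" };
  }
  let parsed;
  try {
    parsed = new URL(input.trim()); // throws on anything the parser rejects
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  // URL lowercases the scheme, so "HTTPS://..." and "https://..." compare equal.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} is not allowed` };
  }
  // Require a host so a scheme-only value such as "https:" cannot pass.
  if (parsed.hostname === "") {
    return { ok: false, reason: "missing host" };
  }
  return { ok: true, url: parsed.href };
}

// The vulnerable pattern the advisory describes: the caller's string goes
// straight to the sink that raises the Android intent, whatever its scheme.
function openUrlUnchecked(input, sink) {
  return sink(input);
}

// The hardened pattern: validate first; the sink only ever sees an
// allowlisted, normalized URL, and a rejected input never reaches it.
function openUrlChecked(input, sink) {
  const verdict = validateOpenUrl(input);
  if (!verdict.ok) {
    throw new Error(`refused to open URL: ${verdict.reason}`);
  }
  return sink(verdict.url);
}
```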
CVE-2026-35394 is a high-severity vulnerability in the @mobilenext/mobile-mcp component that allows attackers to execute arbitrary Android intents via unvalidated URLs, potentially leading to malicious actions like sending SMS or making calls.
You are affected if you are using a version of @mobilenext/mobile-mcp prior to 0.0.50 and are not implementing URL scheme validation.
Upgrade to version 0.0.50 of @mobilenext/mobile-mcp. As a temporary workaround, implement a WAF or proxy to filter malicious URL schemes.
While no active exploitation has been confirmed, the vulnerability's simplicity suggests a high probability of exploitation and automated attacks.
Refer to the official @mobilenext security advisory for CVE-2026-35394, which can be found on their project repository or website.