CVE-2026-35394 Overview
Mobile Next is an MCP (Model Context Protocol) server designed for mobile development and automation. A critical intent injection vulnerability exists in versions prior to 0.0.50, where the mobile_open_url tool passes user-supplied URLs directly to Android's intent system without any scheme validation. This allows attackers to execute arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access.
Critical Impact
Attackers can abuse the unvalidated URL handling to trigger malicious Android intents, potentially making unauthorized phone calls, sending SMS messages, executing USSD codes for account manipulation, or accessing sensitive content providers on the device.
Affected Products
- mobilenexthq mobile_mcp versions prior to 0.0.50
- Mobile MCP server deployments on Node.js platforms
- Android applications integrated with vulnerable Mobile MCP versions
Discovery Timeline
- April 6, 2026 - CVE-2026-35394 published to NVD
- April 9, 2026 - Last updated in NVD database
Technical Details for CVE-2026-35394
Vulnerability Analysis
This vulnerability is classified under CWE-939 (Improper Authorization in Handler for Custom URL Scheme). The core issue lies in the mobile_open_url tool's failure to validate URL schemes before passing them to Android's intent resolution system. Android supports a wide variety of URI schemes beyond standard HTTP/HTTPS, including tel:, sms:, content:, and device-specific USSD handlers. Without proper scheme allowlisting, any URI provided by the user is processed by the Android intent system.
The vulnerability enables attackers with network access to craft malicious URLs that, when processed by the vulnerable component, trigger unintended device actions. User interaction is required to initiate the attack, typically through social engineering or embedding malicious URLs in legitimate-looking automation workflows.
Root Cause
The root cause is insufficient input validation in the mobile_open_url function. The implementation accepts arbitrary URL strings and forwards them directly to Android's intent system without implementing a whitelist of acceptable URI schemes. This design flaw allows any URI scheme supported by the Android device to be invoked, including sensitive telephony and messaging intents that should be restricted.
Attack Vector
The attack vector is network-based, requiring user interaction to execute. An attacker can exploit this vulnerability by:
- Crafting a malicious URL using a sensitive URI scheme (e.g., tel:*21*[attacker_number]# for call forwarding)
- Delivering the malicious URL through the Mobile MCP server interface
- When the victim's device processes the URL through mobile_open_url, the Android intent system executes the associated action
The vulnerability allows execution of intents including:
- USSD codes that can modify carrier settings or expose account information
- Phone calls to premium rate numbers or for reconnaissance
- SMS messages to arbitrary numbers potentially incurring charges or exfiltrating data
- Content provider access that could leak sensitive application data
Detection Methods for CVE-2026-35394
Indicators of Compromise
- Unusual outbound calls or SMS messages from devices running Mobile MCP integrations
- Unexpected USSD code executions visible in carrier logs
- Content provider access patterns that deviate from normal application behavior
- Network traffic containing non-HTTP/HTTPS URI schemes directed at Mobile MCP endpoints
Detection Strategies
- Monitor application logs for mobile_open_url invocations with non-standard URI schemes
- Implement network-level inspection for requests containing tel:, sms:, content:, or # characters in URL parameters
- Review Mobile MCP server logs for suspicious URL patterns that don't match expected HTTP/HTTPS endpoints
- Deploy endpoint detection to identify unexpected telephony or messaging API calls from automation processes
Monitoring Recommendations
- Enable verbose logging for the Mobile MCP server to capture all URL processing events
- Configure alerts for any intent invocations outside of expected HTTP/HTTPS schemes
- Monitor device telephony and SMS APIs for unauthorized access patterns
- Implement anomaly detection for Mobile MCP traffic that deviates from baseline URL patterns
How to Mitigate CVE-2026-35394
Immediate Actions Required
- Upgrade Mobile MCP to version 0.0.50 or later immediately
- Audit existing Mobile MCP deployments to identify vulnerable instances
- Review logs for any evidence of exploitation attempts using non-HTTP URI schemes
- Implement temporary network-level filtering to block suspicious URI schemes if immediate patching is not possible
Patch Information
The vulnerability is fixed in Mobile MCP version 0.0.50. The patch implements proper URI scheme validation to ensure only safe URL schemes are processed by the Android intent system. Organizations should upgrade by updating their Node.js dependencies to pull the patched version.
For detailed patch information and the security advisory, refer to the GitHub Security Advisory GHSA-5qhv-x9j4-c3vm.
Workarounds
- Implement a proxy layer in front of Mobile MCP that validates and filters URL schemes before they reach the server
- Restrict the mobile_open_url tool to only accept URLs matching an explicit allowlist of safe schemes (http, https)
- Disable the mobile_open_url functionality entirely if not required for your automation workflows
- Deploy network segmentation to limit exposure of vulnerable Mobile MCP instances
# Upgrade Mobile MCP to patched version
npm update @mobilenexthq/mobile-mcp@0.0.50
# Verify installed version
npm list @mobilenexthq/mobile-mcp
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
