Ghostwire

CVE-2026-12189: A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component...

MEDIUM CVSS 5.3 Exploit Available 1 PoC

Published: June 14, 2026 | Last Modified: June 14, 2026

Description

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

honestcorrupt/MOOVIT-CVE-.git

CVE-2026-12189: A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component...

Description

Ghostwire Analysis — What This Means Practically

Proof-of-Concept Exploits (1)

References