GHSA-5qhv-x9j4-c3vm: @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary
The mobile_open_url tool in mobile-mcp does not validate the URL scheme (the prefix such as http:, tel: or intent:) before handing the URL to Android as an intent. An attacker who can get instructions into the model's context (prompt injection through content the agent reads) can therefore make the agent open arbitrary URIs on the connected device, which on Android can trigger actions such as placing phone calls, sending SMS messages, or accessing private data.
Solution / Mitigation
Upgrade to version 0.0.50 or later. From that version mobile_open_url accepts only http:// and https:// URLs by default. Deployments that need other schemes can opt back in by setting the environment variable MOBILEMCP_ALLOW_UNSAFE_URLS=1; doing so restores the unrestricted behaviour, so it should only be enabled where the agent's inputs are trusted.
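The scheme check that the fix introduces, written here as an added example in TypeScript (the language of a Node-based MCP server like this one); it is not code from mobile-mcp. It assumes, which the advisory does not state, that the URL is ultimately dispatched to Android as an ACTION_VIEW intent through `adb shell am start`; the function names, the environment handling and the sample URIs are constructed for the example. The unchecked handler stands in for the pre-0.0.50 behaviour, the checked one for the fix plus the opt-in variable.

```typescript
// Added example, not code from mobile-mcp: a scheme allowlist for a
// "mobile_open_url"-style tool, showing the unchecked behaviour the advisory
// describes beside the hardened one. Assumes (not stated on the page) that the
// URL ends up in an Android ACTION_VIEW intent launched through
// `adb shell am start`; function names and sample inputs are constructed here.

const SAFE_SCHEMES: ReadonlySet<string> = new Set(["http", "https"]);

interface OpenUrlDecision {
  allowed: boolean;
  reason: string;
  adbArgs?: string[]; // argv for `adb`, only present when allowed
}

// RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
// Returns the lower-cased scheme, or null when the string has none.
function schemeOf(url: string): string | null {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(url.trim());
  return m ? m[1].toLowerCase() : null;
}

// Host-side argv for launching a VIEW intent. Passing an argv array to
// child_process.execFile avoids the host shell, but `adb shell` re-joins its
// arguments for the device shell, so a real implementation must additionally
// quote the URL for that shell; this example does not do that.
function adbViewArgs(url: string): string[] {
  return ["shell", "am", "start", "-a", "android.intent.action.VIEW", "-d", url];
}

// Pre-fix behaviour as the advisory describes it: whatever the model asks for
// is dispatched, so tel:, sms:, intent: and content: URIs all go through.
function openUrlUnchecked(url: string): OpenUrlDecision {
  return { allowed: true, reason: "no scheme check", adbArgs: adbViewArgs(url) };
}

// Fixed behaviour: http/https only, unless the operator has set
// MOBILEMCP_ALLOW_UNSAFE_URLS=1 (the opt-in named in the advisory).
function openUrlChecked(
  url: string,
  env: Readonly<Record<string, string | undefined>>,
): OpenUrlDecision {
  const scheme = schemeOf(url);
  if (scheme === null) {
    return { allowed: false, reason: "missing or malformed scheme" };
  }
  if (SAFE_SCHEMES.has(scheme)) {
    return { allowed: true, reason: "allowlisted scheme", adbArgs: adbViewArgs(url) };
  }
  if (env["MOBILEMCP_ALLOW_UNSAFE_URLS"] === "1") {
    return { allowed: true, reason: `unsafe scheme '${scheme}' permitted by opt-in`, adbArgs: adbViewArgs(url) };
  }
  return { allowed: false, reason: `scheme '${scheme}' is not http/https` };
}

// Constructed sample inputs: the first is benign, the rest are the kind of
// URIs an injected instruction could ask the agent to open.
const SAMPLE_URLS: readonly string[] = [
  "https://example.com/docs",
  "tel:+15551234567",
  "sms:+15551234567?body=hello",
  "intent:#Intent;action=android.intent.action.CALL;end",
  "content://com.example.provider/secrets",
];

// Runs every sample through both handlers and returns which URLs each lets through.
function evaluateSamples(env: Readonly<Record<string, string | undefined>>): {
  unchecked: string[];
  checked: string[];
} {
  const unchecked = SAMPLE_URLS.filter((u) => openUrlUnchecked(u).allowed);
  const checked = SAMPLE_URLS.filter((u) => openUrlChecked(u, env).allowed);
  return { unchecked, checked };
}

// Stand-alone run with no opt-in set: only the https URL survives the check.
const result = evaluateSamples({});
console.log("unchecked lets through:", result.unchecked);
console.log("checked lets through:  ", result.checked);
```

The scheme is taken with a regex rather than by URL parsing so that oddities such as mixed-case schemes or leading whitespace cannot slip a non-http scheme past the comparison. Everything that is not http or https is refused with a reason the tool can return to the model, which is also the signal worth logging when hunting for injection attempts against the agent.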
Vulnerability Details
EPSS: 0.0%
April 4, 2026
Affected Packages
@mobilenext/mobile-mcp, versions before 0.0.50
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://github.com/advisories/GHSA-5qhv-x9j4-c3vm
First tracked: April 4, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 92%