VYPR

npm package

@mobilenext/mobile-mcp

pkg:npm/%40mobilenext/mobile-mcp

Vulnerabilities (2)

  • CVE-2026-35394HigApr 6, 2026
    affected < 0.0.50fixed 0.0.50

    Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD

  • CVE-2026-33989HigMar 27, 2026
    affected < 0.0.49fixed 0.0.49

    Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters