CVE-2026-47782
Received - Intake
RoboForm Password Manager Intent URL Handling Flaw

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: JPCERT/CC

Description
The Android app "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation, or notification. If a URL to a malicious web page is given through an intent, RoboForm may silently download files without user confirmation or notification.
Meta Information
Published: 2026-05-20
Last Modified: 2026-05-20
Generated: 2026-05-21
AI Q&A: 2026-05-21
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: siber_systems
Product: roboform_password_manager
Version / Range: *
CWE ID: CWE-357
Description: The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Android app "RoboForm Password Manager" by Siber Systems, Inc. The app handles Android intents without properly validating URLs, nor does it require user confirmation or provide notification. This means that if a malicious URL is passed to the app through an intent, RoboForm may silently download files without the user's knowledge or consent.


How can this vulnerability impact me?

This vulnerability can lead to the app downloading potentially malicious files without user awareness or approval. This silent download could expose the user to malware, unwanted software, or other security risks, potentially compromising the device or user data.

