CVE-2026-47782

low

Published 2026-05-20 · Modified 2026-05-21

CVSS v3

3.3

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2

—

VIR risk

3.3

Description

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor notification.

Predictions

Exploit likelihood

34%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

https://jvn.jp/en/vu/JVNVU93461473/
https://play.google.com/store/apps/details?id=com.siber.roboform
https://www.roboform.com/news-android

CWEs

CWE-357

Verify integrity in audit chain (admin only). AS-IS.