{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5682", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-06T10:00:34.320Z", "datePublished": "2026-04-06T19:45:14.504Z", "dateUpdated": "2026-04-06T19:45:14.504Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-06T19:45:14.504Z"}, "title": "Meesho Online Shopping App com.meesho.supply endpoint risky encryption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-327", "lang": "en", "description": "Risky Cryptographic Algorithm"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-310", "lang": "en", "description": "Cryptographic Issues"}]}], "affected": [{"vendor": "Meesho", "product": "Online Shopping App", "versions": [{"version": "27.0", "status": "affected"}, {"version": "27.1", "status": "affected"}, {"version": "27.2", "status": "affected"}, {"version": "27.3", "status": "affected"}], "modules": ["com.meesho.supply"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-06T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-06T12:05:46.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "honest_corrupt (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/355509", "name": "VDB-355509 | Meesho Online Shopping App com.meesho.supply endpoint risky encryption", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355509/cti", "name": "VDB-355509 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792717", "name": "Submit #792717 | Meesho Android Application 27.3 Cryptographic Issue / Improper Encryption", "tags": ["third-party-advisory"]}, {"url": "https://github.com/honestcorrupt/MEESHO-CVE", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used."}], "id": "CVE-2026-5682", "lastModified": "2026-04-06T20:16:29.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-06T20:16:29.193", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/honestcorrupt/MEESHO-CVE"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792717"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355509"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355509/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}, {"lang": "en", "value": "CWE-327"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "27.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "27.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "27.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "27.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Online Shopping App", "source": "cna", "vendor": "Meesho"}, "product": "online_shopping_app", "vendor": "meesho"}], "analysis": {"en": {"generated_at": "2026-04-07T02:07:14.480169+00:00", "value": {"mitigation_remediation": ["Apply the latest Meesho app update that addresses cryptographic weaknesses (currently version 27.4 or newer).", "If no immediate update is available, disable or restrict the use of the /api/endpoint of the com.meesho.supply component through app configuration or network policy."], "summary": {"action": "Patch Immediately", "impact": "Cryptographic Weakness"}, "threat_synthesis": {"affected_systems": "Android users of the Meesho Online Shopping App up to and including version 27.3 are affected. The vulnerability resides in the /api/endpoint of the com.meesho.supply component, but the exact function is not identified.", "description_and_impact": "The flaw exists in an undisclosed function of the com.meesho.supply component within the Meesho Online Shopping App. By manipulating the endpoint, an attacker can cause the app to use a risky cryptographic algorithm, exposing data to potential compromise. The vulnerability is classified as a cryptographic weakness (CWE\u2011310) and the use of an insecure algorithm (CWE\u2011327). This weakening permits a remote attacker to undermine encryption strength, potentially enabling data decryption or tampering with encrypted communication.", "risk_and_exploitability": "The CVSS score of 6.3 indicates moderate severity. Public disclosure has occurred, but the exploit is described as difficult and requiring high complexity. No exploit probability score is available, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, because the attack is remote and the cryptographic reduction could compromise confidentiality, it is recommended to treat the risk as significant and to apply a fix promptly."}}}}, "created": "2026-04-07T06:54:20.787001+00:00", "updated": "2026-04-07T09:37:22.477012+00:00", "vendors": ["meesho", "meesho$PRODUCT$online_shopping_app"]}