A vulnerability, which was classified as problematic , was found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate . Executing a manipulation can lead to improper authorization in handler for custom url scheme. The identification of this vulnerability is CVE-2026-12189 . The attack can only be executed locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any w