Home

Description

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.

PUBLISHED Reserved 2026-06-26 | Published 2026-07-09 | Updated 2026-07-09 | Assigner certcc

Problem types

CWE-295: Improper Certificate Validation

Product status

7.0.7
affected

References

cwe.mitre.org/data/definitions/295.html

kb.cert.org/vuls/id/152953

cve.org (CVE-2026-13462)

nvd.nist.gov (CVE-2026-13462)

Download JSON