F-2026-0006·ui-inconsistency

Inactive QR code scanning feature exposed in desktop web interface

Fixedpentestblackboxtypescript
TL;DR

A QR code scanning feature intended for mobile environments was exposed in the desktop web interface, causing potential user confusion and indicating a UX/feature-flag misconfiguration.

Severity
INFO
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

A QR code scanning control was rendered in the desktop web interface despite being designed for mobile-only use. On desktop the feature does not function meaningfully and causes user confusion.

03Section · Impact

Impact

Informational. No direct security impact but a sign of inconsistent feature gating that warrants review.

04Section · Recommendation

Recommendation

Gate the QR scanning entry point behind a mobile-only render condition (user-agent class, viewport, or feature flag). Verify other mobile-specific affordances are similarly gated.

Novaswap: Confirmed. Zealynx: Fixed.

Status
Fixed
ZEALYNX SECURITY · published 2026-01-17
F-2026-0006