Skip to main content

PDF AI App EUVD-2026-34966

| CVE-2026-11411 LOW
Path Traversal (CWE-22)
2026-06-06 VulDB GHSA-qfjx-g344-4pcg
Google Path Traversal
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jun 06, 2026 - 11:30 vuln.today
Severity Changed
Jun 06, 2026 - 11:22 NVD
MEDIUM LOW
CVSS changed
Jun 06, 2026 - 11:22 NVD
4.4 (MEDIUM) 1.9 (LOW)
CVE Published
Jun 06, 2026 - 10:45 nvd
LOW 1.9

DescriptionCVE.org

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in iAI Lab PDF AI App 4.21.0 on Android allows a local low-privileged attacker to manipulate the _display_name argument within the getExternalCacheDir function of the chatpdf.pro component, enabling unauthorized file system access outside the intended cache directory. The CVSS 4.0 score of 1.9 reflects the strictly local attack surface and limited integrity and availability impact with no confidentiality breach. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local device access
Delivery
Invoke chatpdf.pro component
Exploit
Inject path traversal in _display_name argument
Execution
Escape external cache directory boundary
Impact
Modify or corrupt files in adjacent external storage paths
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Local access to the Android device is required (AV:L per CVSS 4.0 vector) - remote exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The aggregate risk is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with local access to an Android device running iAI Lab PDF AI App 4.21.0 - such as a malicious co-installed application with appropriate invocation privileges, or a user with direct device access - crafts a `_display_name` value containing path traversal sequences (e.g., `../../sensitive_dir/file`) and passes it to the `getExternalCacheDir`-based file handling logic in the `chatpdf.pro` component. This causes the app to read from or write to file system locations outside its designated external cache directory. …
Remediation No vendor-released patch is available at the time of analysis; the vendor did not respond to responsible disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-34966 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy