Skip to main content

React Native Receive Sharing Intent

1 CVEs product

Monthly

CVE-2026-58460 HIGH POC This Week

Arbitrary file overwrite in the react-native-receive-sharing-intent library (ajith-ab) lets a co-resident malicious Android app write attacker-controlled content outside the intended cache directory into the consuming app's private data. The flaw stems from trusting a ContentProvider-supplied _display_name containing dot-dot sequences, enabling overwrite of databases, shared preferences, and cached config. Publicly available exploit code exists (reported by VulnCheck); no active exploitation has been reported in CISA KEV.

Path Traversal React Native Receive Sharing Intent
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
EPSS 0% CVSS 7.0
HIGH POC This Week

Arbitrary file overwrite in the react-native-receive-sharing-intent library (ajith-ab) lets a co-resident malicious Android app write attacker-controlled content outside the intended cache directory into the consuming app's private data. The flaw stems from trusting a ContentProvider-supplied _display_name containing dot-dot sequences, enabling overwrite of databases, shared preferences, and cached config. Publicly available exploit code exists (reported by VulnCheck); no active exploitation has been reported in CISA KEV.

Path Traversal React Native Receive Sharing Intent
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy