网安资讯详情 - SecLens 情报雷达

网安资讯,一网打尽。汇集权威漏洞通告与行业要闻,结合分组浏览、智能过滤、RSS订阅 和 Webhook 推送,多通道拓展您的安全情报视野。

CVE-2026-11411 | iAI Lab PDF AI App 4.21.0 on Android chatpdf.pro getExternalCacheDir _display_name path traversal

来源: vuldb · 发布时间 2026-06-06 02:42 (UTC+08:00) · 抓取时间 2026-06-06 03:01 (UTC+08:00)

原文链接

摘要

A vulnerability marked as <a href="https://vuldb.com/kb/risk">critical</a> has been reported in <a href="https://vuldb.com/product/iai_lab:pdf_ai_app">iAI Lab PDF AI App 4.21.0</a> on Android. Impacted is the function <code>getExternalCacheDir</code> of the component <em>chatpdf.pro</em>. Performing a manipulation of the argument <em>_display_name</em> results in path traversal. This vulnerability is reported as <a href="https://vuldb.com/cve/CVE-2026-11411">CVE-2026-11411</a>. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

标签

扩展字段

{
  "raw_pub_date": "Fri, 05 Jun 2026 20:42:27 +0200"
}