CVE-2026-11411 | iAI Lab PDF AI App 4.21.0 on Android chatpdf.pro getExternalCacheDir _display_name path traversal

Inserito da Angelo Barbosa | Giu 5, 2026 | CVE

A vulnerability marked as critical has been reported in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal.

This vulnerability is reported as CVE-2026-11411. The attack requires a local approach. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-11411 | iAI Lab PDF AI App 4.21.0 on Android chatpdf.pro getExternalCacheDir _display_name path traversal

Post correlati

CVE-2024-3266 | Bold Page Builder Plugin up to 4.8.8 on WordPress Widget URL Attribute cross site scripting

CVE-2025-23600 | pinal.shah Send to a Friend Addon Plugin up to 1.4.1 on WordPress cross site scripting

CVE-2025-60876 | BusyBox wget up to 1.3.7 HTTP Request injection

CVE-2024-43237 | TaxoPress Tag Cloud Plugin up to 2.0.3 on WordPress information disclosure