CVE-2026-11411
Deferred Deferred - Pending Action
Path Traversal in iAI Lab PDF AI App for Android

Publication date: 2026-06-06

Last updated on: 2026-06-08

Assigner: VulDB

Description
A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-06
Last Modified
2026-06-08
Generated
2026-06-27
AI Q&A
2026-06-06
EPSS Evaluated
2026-06-25
NVD
CVE-2026-11411
EUVD
EUVD-2026-34966
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
iai_lab pdf_ai_app 4.21.0
chatpdf pro 4.22.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-11411 is a vulnerability in the chatpdf.pro Android app that allows an attacker to perform a path traversal attack by manipulating the _display_name argument in file-share intents. The app accepts intents with content:// URIs from any other app and uses the attacker-controlled _display_name metadata as the filename without proper sanitization. This enables the attacker to create arbitrary files in the app's private internal and external storage directories by including "../" sequences in the filename.

The attack requires no special permissions and can be executed locally via exported activity-alias entries in the app's manifest. This flaw allows the attacker to control filenames, directory structures, and file contents, potentially compromising the app's persistent state such as databases, preference files, and cached documents.

Impact Analysis

This vulnerability can impact you by allowing an attacker to create or overwrite files within the app's private storage areas without authorization. This can lead to the compromise of the app's integrity by modifying databases, preference files, or cached documents.

Such unauthorized file creation or modification could disrupt the app's normal operation, potentially causing data corruption or loss, and may be used as a foothold for further attacks on the device or app data.

Detection Guidance

This vulnerability involves path traversal via the _display_name argument in file-share intents accepted by the chatpdf.pro Android app. Detection involves monitoring for suspicious intents with content:// URIs that include path traversal sequences such as "../" in the _display_name metadata.

Since the attack is local and exploits exported activity-alias entries, detection can include analyzing app logs or using Android debugging tools to inspect intents sent to chatpdf.pro.

  • Use adb logcat to monitor logs for suspicious intent data targeting chatpdf.pro.
  • Run the command: adb shell dumpsys activity intents | grep chatpdf.pro to check recent intents.
  • Inspect files in /data/data/chatpdf.pro/ and /sdcard/Android/data/chatpdf.pro/ for unexpected or suspicious files created with path traversal patterns.
Mitigation Strategies

Immediate mitigation steps include restricting or disabling the exported activity-alias entries in the chatpdf.pro app manifest to prevent other apps from sending malicious intents.

Additionally, avoid installing or running untrusted apps that could send malicious intents to chatpdf.pro.

Monitor and remove any suspicious files created in the app's private and external storage directories.

Since the vendor has not responded, consider isolating the affected device or app until a patch or update is available.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11411. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart