Description
A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-06
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 06 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title iAI Lab PDF AI App chatpdf.pro getExternalCacheDir path traversal
First Time appeared Iai Lab
Iai Lab pdf Ai App
Weaknesses CWE-22
CPEs cpe:2.3:a:iai_lab:pdf_ai_app:*:*:*:*:*:*:*:*
Vendors & Products Iai Lab
Iai Lab pdf Ai App
References
Metrics cvssV2_0

{'score': 3.2, 'vector': 'AV:L/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.4, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Iai Lab Pdf Ai App
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T13:14:38.611Z

Reserved: 2026-06-05T18:37:23.840Z

Link: CVE-2026-11411

cve-icon Vulnrichment

Updated: 2026-06-08T13:14:34.286Z

cve-icon NVD

Status : Deferred

Published: 2026-06-06T11:16:49.110

Modified: 2026-06-08T14:57:14.757

Link: CVE-2026-11411

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-06T15:15:23Z

Weaknesses