PatchSiren cyber security CVE debrief
CVE-2026-11411 iAI Lab CVE debrief
A path traversal vulnerability has been discovered in iAI Lab PDF AI App 4.21.0 on Android. It affects the getExternalCacheDir function of the chatpdf.pro component. By manipulating the _display_name argument, an attacker can traverse the file system. The attack must be carried out locally. The CVSS score is 1.9, which indicates low severity.
- Vendor: iAI Lab
- Product: PDF AI App
- CVSS: LOW 1.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-06
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-06
- Advisory updated: 2026-06-08
Who should care
Users of iAI Lab PDF AI App 4.21.0 on Android should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by improper handling of the _display_name argument in the getExternalCacheDir function of the chatpdf.pro component. This allows an attacker to perform a path traversal attack, potentially leading to unauthorized access to sensitive files.
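As an added illustration (not code from the app or from the CVE record), the following shows one way to confine a provider-supplied _display_name to the cache directory. It assumes the common pattern in which that name is joined to the directory returned by getExternalCacheDir(); the class and method names are hypothetical, and a temporary directory stands in for the Android cache directory so the example runs on a plain JVM.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class SafeCacheFile {
    /**
     * Resolve an untrusted display name to a file directly inside cacheDir.
     * Throws if the name cannot be reduced to a plain file name or if the
     * canonical result leaves cacheDir.
     */
    static File resolveInCache(File cacheDir, String displayName) throws IOException {
        if (displayName == null) throw new IOException("missing display name");
        // Keep only the last path segment; treat both separators as separators.
        String name = displayName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..") || name.indexOf('\0') >= 0) {
            throw new IOException("rejected display name");
        }
        File base = cacheDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        // Defence in depth: the canonical path must still sit directly in the cache directory.
        if (!base.equals(target.getParentFile())) {
            throw new IOException("display name escapes cache directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Stand-in (assumption) for the directory Context.getExternalCacheDir() returns on Android.
        File cacheDir = Files.createTempDirectory("external-cache").toFile();
        // Constructed sample values for the provider's _display_name column.
        String[] samples = { "report.pdf", "../../outside.txt", "..", "docs/../notes.pdf", "" };
        for (String s : samples) {
            try {
                File f = resolveInCache(cacheDir, s);
                System.out.println("accept  \"" + s + "\" -> " + f.getName());
            } catch (IOException e) {
                System.out.println("reject  \"" + s + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```

Names that carry directory components are reduced to their final segment, so the written file always lands directly inside the cache directory; names that have no usable final segment are rejected.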
Defensive priority
Low
Recommended defensive actions
- Update to a patched version of the app, if available.
- Use caution when handling files and directories in the app.
- Monitor the app's behavior for suspicious activity.
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
CVE-2026-11411 was published on 2026-06-06T11:16:49.110Z and modified on 2026-06-08T14:57:14.757Z.