CVE-2026-11411 | A security flaw has been discovered in iAI Lab PDF AI App 4.… | CVSS 4.4 MEDIUM

Description

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-11411
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-05 18:37 UTC
Published: 2026-06-06 10:45 UTC
Last updated: 2026-06-08 13:14 UTC
Primary CWE: CWE-22
Path Traversal
Vendor / Product: iAI Lab / PDF AI App
Sources: cve.org · NVD

Severity & Metrics

4.4 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
iAI Lab	PDF AI App	—	4.21.0

Weakness (CWE)

CWE	Source	Description
CWE-22	cna	Path Traversal

CVSS scores (4)

Score	Severity	Version	Source	Vector
4.8	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4.4	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
4.4	MEDIUM	3.0	cna	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
3.2	N/D	2.0	cna	AV:L/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR

References (5)

VDB-368968 | iAI Lab PDF AI App chatpdf.pro getExternalCacheDir path traversal https://vuldb.com/vuln/368968
VDB-368968 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/368968/cti
CVE-2026-11411 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-11411
Submit #818818 | iAI Lab PDF AI: Podcast, Notes, Slides Version 4.21.0 (chatpdf.pro) Path Traversal https://vuldb.com/submit/818818
https://github.com/actuator/chatpdf.pro