Back to overview

CVE-2026-57848

MEDIUM
5.5
CVSS 3.1
Description
Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component (reachable to any process on the device via the android.intent.action.SEND intent) and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filter the incoming URI before using it as the outgoing attachment, so a caller can pass a file:// URI pointing at the application's own internal storage (for example /data/data/chat.revolt/databases/revolt.db, cached authentication token files, or preferences) and have the app treat that internal file as a user-selected attachment. An attacker who can invoke intents on the victim's device (via ADB access, a co-installed malicious application, or any other route that reaches Android's intent dispatch) can launch ShareTargetActivity with such a URI and cause the victim, on a single channel-selection interaction, to send the internal file to any Stoat channel or user of the attacker's choosing. The composer displays the attachment as \"attachment\" with no filename indication, so the victim has no visible signal that the file being sent is their own internal application data. Consequences include disclosure of the local Stoat database (message history, contact list, cached content), disclosure of authentication tokens permitting full account takeover, and disclosure of any other file readable by the app process.

Metadata

CVE ID
CVE-2026-57848
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-25 18:48 UTC
Published
2026-07-18 19:15 UTC
Last updated
2026-07-18 19:15 UTC
Primary CWE
CWE-926
Improper Export of Android Application Components
Vendor / Product
stoatchat / Stoat for Android
Sources
cve.org  ·  NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
stoatchat Stoat for Android 0 < 1.6.0
Weakness (CWE)
CWESourceDescription
CWE-926 cna Improper Export of Android Application Components
CVSS scores (2)
ScoreSeverityVersionSourceVector
6.8 MEDIUM 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
5.5 MEDIUM 3.1 cna CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Back to overview