PT-2026-60984 · Unknown · Stoat For Android
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Stoat for Android (affected versions not specified)
Description
Stoat for Android exports the
chat.stoat.activities.ShareTargetActivity component, which is accessible to any process on the device via the android.intent.action.SEND intent. The activity accepts a file to share through the android.intent.extra.STREAM extra but fails to validate or filter the incoming URI. This allows a caller to provide a file:// URI pointing to the application's internal storage, such as databases, cached authentication tokens, or preferences. An attacker with the ability to invoke intents on the device can trigger this activity to make the user send internal application files to a chosen channel or user. Because the composer labels the attachment simply as "attachment" without a filename, the user is unaware that internal data is being transmitted. This can lead to the disclosure of message history, contact lists, and authentication tokens, potentially resulting in full account takeover.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stoat For Android