{"id":"CVE-2026-40027","summary":"ALEAPP NQ Vault Artifact Parser Path Traversal","details":"ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ_Vault.py artifact parser that uses attacker-controlled file_name_from values from a database directly as the output filename, allowing arbitrary file writes outside the report output directory. An attacker can embed a path traversal payload such as ../../../outside_written.bin in the database to write files to arbitrary locations, potentially achieving code execution by overwriting executable files or configuration.","modified":"2026-07-15T01:49:04.467200918Z","published":"2026-04-08T21:35:23.178Z","database_specific":{"cwe_ids":["CWE-22"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40027.json","cna_assigner":"VulnCheck"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40027.json"},{"type":"ADVISORY","url":"https://mobasi.ai/sentinel"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40027"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/aleapp-nq-vault-artifact-parser-path-traversal"},{"type":"REPORT","url":"https://github.com/abrignoni/aleapp/pull/669"},{"type":"FIX","url":"https://github.com/abrignoni/ALEAPP/commit/0cafd8fe0027663420eb3d0fa821b2d1a713880d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/abrignoni/aleapp","events":[{"introduced":"0"},{"fixed":"ce3b3997b3d8d4d10a362eff5bff99f2c2afc655"},{"fixed":"0cafd8fe0027663420eb3d0fa821b2d1a713880d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.4.0"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["v3.4.0","v3.3.0","v3.2.5","v3.2.4","v3.2.3","v3.2.2","v3.2.1","v3.1.9","v3.1.8","v3.1.6","v3.1.5","v3.1.1","v3.0.0","v2.0.09","v2.0.05","v2.0.03","v1.8.0","v1.7.2","v1.7.1","v1.7.0","v1.3.1","1.3","1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40027.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"}]}