Plattform
android
Komponente
aleapp
Behoben in
3.4.1
CVE-2026-40027 describes a path traversal vulnerability discovered in the ALEAPP NQ Vault Artifact Parser, a tool used for parsing Android logs and protobuf data. This flaw allows attackers to write arbitrary files on the system, potentially leading to code execution. The vulnerability affects versions 0.0.0 through 3.4.0 of the parser. A fix is expected to be released by the vendor.
The path traversal vulnerability in ALEAPP NQ Vault Artifact Parser allows an attacker to leverage crafted file names stored in the database to write files to arbitrary locations on the system. By injecting path traversal sequences like ../../../outside_written.bin into database entries, an attacker can bypass directory restrictions and overwrite files outside the intended report output directory. This could lead to code execution if an attacker overwrites executable files or critical configuration files. The potential impact includes complete system compromise and data exfiltration.
CVE-2026-40027 was publicly disclosed on 2026-04-08. No public proof-of-concept (PoC) code is currently available, but the vulnerability's nature makes it likely that one will emerge. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog.
Organizations using ALEAPP NQ Vault Artifact Parser for Android log analysis are at risk, particularly those relying on automated parsing pipelines or integrating the parser into their security incident response workflows. Environments where the parser is deployed with elevated privileges or has access to sensitive system resources are at higher risk.
• android / supply-chain:
Get-ScheduledTask | Where-Object {$_.Action.Path -like '*NQ_Vault.py*'}• linux / server:
find / -name "NQ_Vault.py" 2>/dev/null• generic web:
curl -I http://your-server/nq_vault_report.bin # Check for unusual response headersdisclosure
Exploit-Status
EPSS
0.01% (1% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-40027 is to upgrade to a patched version of the ALEAPP NQ Vault Artifact Parser. Until a patched version is available, consider implementing strict input validation on all file names retrieved from the database. Sanitize user-supplied data to prevent path traversal attempts. Employ a Web Application Firewall (WAF) with rules to block requests containing suspicious path traversal patterns. Regularly review database entries for anomalous file names. After upgrading, confirm the fix by attempting to write a file outside the intended output directory using a crafted database entry; the write should be denied.
Actualice ALEAPP a una versión posterior a 3.4.0 para mitigar la vulnerabilidad de recorrido de ruta. La actualización corrige la forma en que se manejan los nombres de archivo, evitando que los atacantes escriban archivos arbitrariamente en el sistema.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-40027 is a path traversal vulnerability in the ALEAPP NQ Vault Artifact Parser allowing attackers to write arbitrary files, potentially leading to code execution.
You are affected if you are using ALEAPP NQ Vault Artifact Parser versions 0.0.0 through 3.4.0.
Upgrade to a patched version of the ALEAPP NQ Vault Artifact Parser. Until a patch is available, implement input validation on the filenamefrom value.
There are currently no confirmed reports of active exploitation, but a proof-of-concept is likely to be developed.
Please refer to the ALEAPP website or security mailing lists for the official advisory regarding CVE-2026-40027.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine build.gradle-Datei hoch und wir sagen dir sofort, ob du betroffen bist.