CVE-2026-58192 in Appiuminfo

Zusammenfassung

von MITRE • 09.07.2026

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage plugin exposes POST /storage/delete, whose handler passes the user-supplied name value directly into path.join(storageRoot, name) and fs.rimraf() without path sanitization, allowing an unauthenticated remote client to escape the storage root with ../ sequences and recursively delete arbitrary writable files or directories. This issue is fixed in version 1.1.6.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

GitHub M

Reservieren

29.06.2026

Veröffentlichung

09.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377094

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!