react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path components through a malicious ContentProvider. Attackers can fire an explicit ACTION_SEND intent at the consuming app's exported share-receiver activity to overwrite arbitrary files in the consuming app's private data directory, including databases, shared preferences, and cached configuration, with attacker-controlled content.
Metrics
Affected Vendors & Products
References
History
Thu, 02 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path components through a malicious ContentProvider. Attackers can fire an explicit ACTION_SEND intent at the consuming app's exported share-receiver activity to overwrite arbitrary files in the consuming app's private data directory, including databases, shared preferences, and cached configuration, with attacker-controlled content. | |
| Title | react-native-receive-sharing-intent Path Traversal via _display_name | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-02T20:10:40.633Z
Reserved: 2026-06-30T20:20:33.789Z
Link: CVE-2026-58460
No data.
No data.
No data.
OpenCVE Enrichment
No data.