CVE-2026-57848
CVE-2026-57848 concerns Stoat for Android where the exported ShareTargetActivity does not validate the incoming android.intent.extra.STREAM URI before using it as the outgoing attachment. An attacker able to invoke intents can supply a file:// URI pointing to the app’s internal storage (e.g., dat...