CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils
MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's read_sqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...
PT-2025-35521
Name of the Vulnerable Software and Affected Versions: MobSF version 4.4.0
Description: The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the intended download directory from neighboring directories with...