EIP-2026-100020

PRE-CVE

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100020. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Gmail's attachment handling for non-Gmail accounts. It crafts a malicious email with a base64-encoded attachment that writes a journal file to the Gmail app's database directory, causing repeated crashes.

Description

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · pythondosandroid
https://www.exploit-db.com/exploits/43189

This exploit demonstrates a directory traversal vulnerability in Gmail's attachment handling for non-Gmail accounts. It crafts a malicious email with a base64-encoded attachment that writes a journal file to the Gmail app's database directory, causing repeated crashes.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Gmail Android app (version not specified)
Auth required
Prerequisites: Non-Gmail email account (e.g., Hotmail or Yahoo) · Victim must click to download the attachment · Attacker's Gmail credentials for sending the email
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026