CVE-2026-33545

{"id": "CVE-2026-33545", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-26T21:17:06.047", "references": [{"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/6f8a43c1b78d21cfbd7186aaafa7f622d990e0f1", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/releases/tag/v4.4.6", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-hqjr-43r5-9q58", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's `read_sqlite()` function in `mobsf/MobSF/utils.py` (lines 542-566) uses Python string formatting (`%`) to construct SQL queries with table names read from a SQLite database's `sqlite_master` table. When a security analyst uses MobSF to analyze a malicious mobile application containing a crafted SQLite database, attacker-controlled table names are interpolated directly into SQL queries without parameterization or escaping. This allows an attacker to cause denial of service and achieve SQL injection. Version 4.4.6 patches the issue."}, {"lang": "es", "value": "MobSF es una herramienta utilizada para pruebas de seguridad de aplicaciones m\u00f3viles. Antes de la versi\u00f3n 4.4.6, la funci\u00f3n `read_sqlite()` de MobSF en `mobsf/MobSF/utils.py` (l\u00edneas 542-566) utiliza el formato de cadena de Python ('%') para construir consultas SQL con nombres de tabla le\u00eddos de la tabla `sqlite_master` de una base de datos SQLite. Cuando un analista de seguridad utiliza MobSF para analizar una aplicaci\u00f3n m\u00f3vil maliciosa que contiene una base de datos SQLite manipulada, los nombres de tabla controlados por el atacante se interpolan directamente en las consultas SQL sin parametrizaci\u00f3n ni escape. Esto permite a un atacante causar denegaci\u00f3n de servicio y lograr inyecci\u00f3n SQL. La versi\u00f3n 4.4.6 corrige el problema."}], "lastModified": "2026-04-03T20:28:05.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5848A16B-0512-4FBE-8D64-7D14DDCA8625", "versionEndExcluding": "4.4.6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}