CVE-2026-39973 | iBotPeaches Apktool up to 3.0.1 APK File ResFileDecoder.java BrutIO.sanitizePath path traversal (GHSA-m8mh-x359-vm8m)

A vulnerability was found in iBotPeaches Apktool up to 3.0.1. It has been rated as critical. Affected is the function BrutIO.sanitizePath in the library brut/androlib/res/decoder/ResFileDecoder.java of the component APK File Handler. The manipulation leads to path traversal.

This vulnerability is traded as CVE-2026-39973. An attack has to be approached locally. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More