SQL Injection Vulnerability in MobSF Mobile Application Testing Tool
CVE-2026-33545

5.3 MEDIUM

Key Information:

Vendor: Mobsf
CVE Published: 26 March 2026

What is CVE-2026-33545?

The MobSF Mobile Security Framework contains a SQL injection vulnerability in its read_sqlite() function, which builds SQL queries with string formatting and applies no parameterization or escaping. The flaw can be triggered when a security analyst uses MobSF to analyze a malicious mobile application that contains a crafted SQLite database. Because the queries are not parameterized or escaped, an attacker who supplies such an application can manipulate them, potentially leading to denial of service or unauthorized data access. This issue has been resolved in version 4.4.6.

Affected Version(s)

Mobile-Security-Framework-MobSF < 4.4.6

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
