Remote File Deletion Vulnerability in Appium Storage Plugin
CVE-2026-58192
8.6HIGH
What is CVE-2026-58192?
The Appium storage plugin prior to version 1.1.6 contains a vulnerability where the POST /storage/delete endpoint allows unauthenticated remote clients to manipulate the system. This happens due to the lack of path sanitization, permitting attackers to incorporate '../' sequences in their requests. Consequently, this could lead to unauthorized deletion of arbitrary files or directories. The issue has been resolved in version 1.1.6, emphasizing the necessity for careful input handling and proper security measures in application design.
Affected Version(s)
appium < 1.1.6
