Remote File Deletion Vulnerability in Appium Storage Plugin
CVE-2026-58192

8.6HIGH

Key Information:

Vendor

Appium

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-58192?

The Appium storage plugin prior to version 1.1.6 contains a vulnerability where the POST /storage/delete endpoint allows unauthenticated remote clients to manipulate the system. This happens due to the lack of path sanitization, permitting attackers to incorporate '../' sequences in their requests. Consequently, this could lead to unauthorized deletion of arbitrary files or directories. The issue has been resolved in version 1.1.6, emphasizing the necessity for careful input handling and proper security measures in application design.

Affected Version(s)

appium < 1.1.6

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.