A vulnerability marked as critical has been reported in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro . Performing a manipulation of the argument _display_name results in path traversal. This vulnerability is reported as CVE-2026-11411 . The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.