PYSEC-2026-2671
Vulnerability from pysec - Published: 2026-07-13 15:19 - Updated: 2026-07-13 16:05Summary
The fileID field from Manifest.db (a SQLite database inside iOS backups, generated by the device) is used directly in filesystem path construction without validation. This affects two commands through a shared code path:
mvt-ios decrypt-backup(decrypt.py):file_idis used to construct both read source and write destination paths. Traversal sequences infile_idcause decrypted content to be written to an arbitrary location on the analyst's filesystem.mvt-ios check-backup(via_get_backup_file_from_id()inios/modules/base.py): the same unvalidatedfileIDresolves to files outside the backup directory, which are then opened and parsed. Parsed contents flow into JSON results and CSV timeline.
Impact
File write (decrypt-backup): An adversary delivering a crafted iOS backup can cause attacker controlled content to be written to arbitrary paths writable by the analyst process. This could be leveraged for code execution via shell profile modification or SSH key injection. Severity is assessed as Moderate because exploitation requires a specifically crafted malicious bundle to be parsed by the analyst. There are trust mitigations between stakeholders involved in the handoff of the sample that reduce the likelihood of this scenario.
File read (check-backup): An adversary can force MVT to open and parse files outside the backup directory. Practical exploitation is reduced as it requires the attacker to know or guess the analyst’s directory layout for cross-case targeting, and the traversed file from the host must be a valid SQLite database or plist whose schema matches what the specific MVT module expects.
Patched version
Credits
This issue was identified during a security assessment conducted by 0xche.
| Name | purl | mvt | pkg:pypi/mvt |
|---|
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mvt",
"purl": "pkg:pypi/mvt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.5.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.11",
"1.0.12",
"1.0.13",
"1.0.14",
"1.0.15",
"1.0.16",
"1.0.17",
"1.1.0",
"1.1.1",
"1.2.0",
"1.2.1",
"1.2.10",
"1.2.11",
"1.2.12",
"1.2.13",
"1.2.14",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.2.6",
"1.2.7",
"1.2.8",
"1.2.9",
"1.4.0",
"1.4.1",
"1.4.10",
"1.4.11",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.4.6",
"1.4.7",
"1.4.8",
"1.4.9",
"1.5.1",
"1.5.2",
"1.5.3",
"1.5.4",
"1.5.5",
"2.0",
"2.0.1",
"2.1",
"2.1.1",
"2.1.2",
"2.1.3",
"2.1.4",
"2.1.5",
"2.1.6",
"2.2",
"2.2.1",
"2.2.2",
"2.2.3",
"2.2.4",
"2.2.5",
"2.2.6",
"2.3.0",
"2.4.0",
"2.4.1",
"2.4.2",
"2.4.3",
"2.4.4",
"2.4.5",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3",
"2.5.4",
"2.6.0",
"2.6.1",
"2.7.0",
"2026.4.28"
]
}
],
"aliases": [
"CVE-2026-46486",
"GHSA-5h3g-px23-w6vw"
],
"details": "### Summary\n\nThe `fileID` field from `Manifest.db` (a SQLite database inside iOS backups, generated by the device) is used directly in filesystem path construction without validation. This affects two commands through a shared code path:\n\n- **`mvt-ios decrypt-backup`** (`decrypt.py`): `file_id` is used to construct both read source and write destination paths. Traversal sequences in `file_id` cause decrypted content to be written to an arbitrary location on the analyst\u0027s filesystem.\n- **`mvt-ios check-backup`** (via `_get_backup_file_from_id()` in `ios/modules/base.py`): the same unvalidated `fileID` resolves to files outside the backup directory, which are then opened and parsed. Parsed contents flow into JSON results and CSV timeline.\n\n### Impact\n\n**File write (decrypt-backup):** An adversary delivering a crafted iOS backup can cause attacker controlled content to be written to arbitrary paths writable by the analyst process. This could be leveraged for code execution via shell profile modification or SSH key injection. Severity is assessed as Moderate because exploitation requires a specifically crafted malicious bundle to be parsed by the\nanalyst. There are trust mitigations between stakeholders involved in the handoff of the sample that reduce the likelihood of this scenario.\n\n**File read (check-backup):** An adversary can force MVT to open and parse files outside the backup directory. Practical exploitation is reduced as it requires the attacker to know or guess the analyst\u2019s directory layout for cross-case targeting, and the traversed file from the host must be a valid SQLite database or plist whose schema matches what the specific MVT module expects.\n\n### Patched version\n[2026.5.12](https://github.com/mvt-project/mvt/releases/tag/v2026.5.12)\n\n### Credits\nThis issue was identified during a security assessment conducted by 0xche.",
"id": "PYSEC-2026-2671",
"modified": "2026-07-13T16:05:00.338543Z",
"published": "2026-07-13T15:19:09.827231Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mvt-project/mvt/security/advisories/GHSA-5h3g-px23-w6vw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46486"
},
{
"type": "PACKAGE",
"url": "https://github.com/mvt-project/mvt"
},
{
"type": "WEB",
"url": "https://github.com/mvt-project/mvt/releases/tag/v2026.5.12"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mvt"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5h3g-px23-w6vw"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.