Unrated severityCISA KEVNVD Advisory· Published Nov 13, 2024· Updated Oct 21, 2025
CVE-2024-43093
CVE-2024-43093
Description
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2News mentions
1- Critical Remote Code Execution Vulnerability Patched in AndroidSecurityWeek · May 5, 2026