Known Vulnerabilities for products from Dropbox
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Dropbox".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28809 json | Not Provided | 2026-03-23 | 2026-04-06 | |
| CVE-2026-28503 json | Not Provided | 2026-03-26 | 2026-03-27 | |
| CVE-2025-13391 json | Not Provided | 2026-02-11 | 2026-04-08 | |
| CVE-2024-49607 json | Not Provided | 2024-10-20 | 2026-04-23 | |
| CVE-2023-4488 json | Not Provided | 2023-10-20 | 2026-04-08 | |
| CVE-2023-3025 json | Not Provided | 2023-09-16 | 2026-04-08 | |
| CVE-2022-26181 json | Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lep... | 7.8 - HIGH | 2022-02-28 | 2022-03-09 |
| CVE-2022-4768 json | A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of th... | 9.8 - CRITICAL | 2022-12-27 | 2023-11-07 |
| CVE-2019-12171 json | Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext cred... | 7.8 - HIGH | 2019-07-08 | 2021-07-21 |
| CVE-2018-20820 json | read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash bec... | 5.5 - MEDIUM | 2019-04-23 | 2019-04-24 |
| CVE-2018-20819 json | io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (h... | 7.8 - HIGH | 2019-04-23 | 2020-08-24 |
| CVE-2018-12446 json | ** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows... | 3.6 - LOW | 2018-06-20 | 2023-11-07 |
| CVE-2018-12445 json | ** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager clas... | 3.1 - LOW | 2018-06-20 | 2023-11-07 |
| CVE-2018-12271 json | ** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (To... | 6.4 - MEDIUM | 2018-06-13 | 2023-11-07 |
| CVE-2018-12108 json | An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to... | 5.5 - MEDIUM | 2018-06-11 | 2018-07-30 |
| CVE-2017-8891 json | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure set... | 5.5 - MEDIUM | 2017-05-10 | 2019-10-03 |
| CVE-2017-7448 json | The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to ca... | 5.5 - MEDIUM | 2017-04-05 | 2017-04-12 |
| CVE-2014-8889 json | Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via ... | 5.3 - MEDIUM | 2017-09-26 | 2018-10-09 |
| CVE-2010-3354 json | dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain priv... | Not Provided | 2010-10-20 | 2026-04-29 |