{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30291", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T19:00:35.065Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T14:07:15.702Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://oratools.github.io/"}, {"url": "https://play.google.com/store/apps/details?id=pdf.reader.editor.office.ora"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/18"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-73", "lang": "en", "description": "CWE-73 External Control of File Name or Path"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:56:42.926819Z", "id": "CVE-2026-30291", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:00:35.065Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30291", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:56:42.926819Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:57:13.200Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://oratools.github.io/"}, {"url": "https://play.google.com/store/apps/details?id=pdf.reader.editor.office.ora"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/18"}], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T14:07:15.702Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30291", "state": "PUBLISHED", "dateUpdated": "2026-04-01T19:00:35.065Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-01T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "id": "CVE-2026-30291", "lastModified": "2026-04-03T16:11:11.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T15:22:58.943", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/18"}, {"source": "cve@mitre.org", "url": "https://oratools.github.io/"}, {"source": "cve@mitre.org", "url": "https://play.google.com/store/apps/details?id=pdf.reader.editor.office.ora"}, {"source": "cve@mitre.org", "url": "https://secsys.fudan.edu.cn/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "pdf_reader", "vendor": "oratools"}], "analysis": {"en": {"generated_at": "2026-04-02T03:14:20.310689+00:00", "value": {"mitigation_remediation": ["Install the latest Ora Tools PDF Reader update that removes the file overwrite flaw (e.g., version 4.3.6 or newer).", "If an update is not immediately available, disable or restrict the file import function for untrusted users.", "Monitor system logs for unexpected file writes and investigate any suspicious activity."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Overwrite leading to Code Execution"}, "threat_synthesis": {"affected_systems": "Only the Ora Tools PDF Reader ' Reader & Editor APP version 4.3.5 is identified as vulnerable. No other versions or variants of the product are currently listed as affected, and no vendor product coverage is provided by the CNA.", "description_and_impact": "The vulnerability permits an attacker to overwrite arbitrary internal files during the import process of the Ora Tools PDF Reader application. By exploiting this flaw, a malicious user can replace critical configuration or executable files, potentially leading to arbitrary code execution or unauthorized disclosure of sensitive information. This weakness corresponds to the CWE-73 class of relative path traversal or file overwrite vulnerabilities.", "risk_and_exploitability": "With a CVSS base score of 8.4, the flaw is considered High severity. Exploit probability is not quantified by EPSS, and the vulnerability is not yet cataloged in the CISA Known Exploited Vulnerabilities list. The likely attack path requires that an attacker can trigger the file import routine, implying local or privileged access to the victim\u2019s machine; however, the description does not detail further conditions, so the exact exploitation vector remains inferred."}}}}, "created": "2026-04-02T07:51:22.092313+00:00", "title": "Arbitrary File Overwrite in Ora Tools PDF Reader Leading to Code Execution", "updated": "2026-04-03T08:59:04.699551+00:00", "vendors": ["oratools", "oratools$PRODUCT$pdf_reader"]}