CRITICAL🇵🇱 Wersja polska

CVE-2026-30276

CVSS 9.8v3.1pub. 2026-03-31upd. 2026-04-06

An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-73 (External Control of File Name or Path) and results from insufficient validation of file paths during the import process in the application. An attacker can supply a crafted file whose processing results in overwriting critical internal application files. By replacing these files with attacker-controlled content, it is possible to force execution of code supplied by the attacker.

Impact

An attacker can lead to arbitrary code execution (RCE) in the context of the application or gain access to sensitive information stored by the application. A network vector without required privileges and user interaction (AV:N/AC:L/PR:N/UI:N) makes this vulnerability particularly dangerous.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Until updates are applied, it is recommended to restrict file import capabilities to trusted sources and monitor activity related to the file import process in the application.

Who is affected

DeftPDF Document Translator v54.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deftpdf Document Translator

    APP
    Deftpdf
    54.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References