CVE-2026-30276
Arbitrary File Overwrite in DeftPDF v54 Enables Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deftpdf | document_translator | 54.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in DeftPDF Document Translator version 54.0 and involves an arbitrary file overwrite issue during the file import process.
Due to insufficient security validation, an attacker can exploit path traversal techniques to control the filename and content of imported files, allowing them to overwrite critical internal files within the app's storage.
This can lead to severe consequences such as arbitrary code execution, exposure of sensitive information, denial of service, app malfunction, or failure to launch.
The attack can be triggered automatically when the victim opens a malicious app, requiring no complex user interaction.
How can this vulnerability impact me? :
Exploiting this vulnerability can allow attackers to overwrite important internal files of the DeftPDF Document Translator app.
This can result in arbitrary code execution, meaning attackers could run malicious code on your device.
It can also lead to exposure of sensitive information stored within the app, denial of service, app malfunction, or the app failing to launch.
Since the attack requires minimal user interaction and can be triggered automatically, it poses a significant security risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of DeftPDF Document Translator version 54.0 on your system, as the vulnerability exists specifically in this version.
Since the vulnerability exploits the file import process via path traversal to overwrite critical internal files, monitoring for unusual file system changes or unexpected file overwrites in the app's storage directories may help detect exploitation attempts.
No specific commands or automated detection tools are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of DeftPDF Document Translator version 54.0 until a patch or update addressing the vulnerability is released.
Restrict or monitor file import activities within the application to prevent malicious files from being imported.
Implement security controls such as application sandboxing and file system permissions to limit the ability of the app to overwrite critical internal files.
Stay informed about updates from the vendor and apply security patches as soon as they become available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
Exposure of sensitive information or unauthorized code execution can result in non-compliance with data protection regulations such as GDPR or HIPAA, which require safeguarding personal and sensitive data against unauthorized access or breaches.
Therefore, exploitation of this vulnerability could compromise the confidentiality and integrity of data handled by the application, potentially violating compliance requirements related to data security and privacy.