CVE-2026-30278
Arbitrary File Overwrite in FLY is FUN Aviation Navigation Enables Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| funair | fly_is_fun | 35.33 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file overwrite issue in FLY is FUN Aviation Navigation version 35.33. It allows attackers to overwrite critical internal files through the file import process.
By exploiting this, attackers can execute arbitrary code or expose sensitive information within the affected system.
How can this vulnerability impact me? :
The vulnerability can lead to severe impacts including arbitrary code execution, which means attackers could run malicious code on your system.
It can also cause information exposure by allowing unauthorized access to sensitive internal files.