CVE-2026-30281
Arbitrary File Overwrite in MaruNuri v2.0.23 Enables Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| maru | neo.maru | 2.0.23 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to overwrite critical internal files via the file import process, potentially leading to arbitrary code execution or information exposure.
Such unauthorized information exposure and potential compromise of data integrity could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and ensuring system integrity.
However, there is no explicit information provided about the specific impact on compliance with these standards in the available resources.
Can you explain this vulnerability to me?
CVE-2026-30281 is an arbitrary file overwrite vulnerability in MaruNuri LLC version 2.0.23, specifically affecting the neo.maru and MaruViewer apps. The vulnerability exists in the file import process where insufficient security validation allows attackers to manipulate the filename and content of imported files.
By exploiting path traversal techniques, an attacker can overwrite critical internal files within the appβs storage. This can lead to arbitrary code execution or exposure of sensitive information.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including arbitrary code execution, which means an attacker could run malicious code within the app environment.
It can also lead to exposure of sensitive information stored within the app, denial of service, app malfunction, or failure to launch.
The attack requires minimal user interaction and can be triggered automatically when the victim opens a malicious app, increasing the risk of exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-30281 involves monitoring for signs of arbitrary file overwrite attempts during the file import process in the affected MaruNuri LLC apps, especially neo.maru and MaruViewer version 2.0.23.
Since the vulnerability exploits path traversal in file imports, detection can include scanning for unusual file system changes or unexpected overwrites in the app's storage directories.
Specific commands to detect exploitation attempts are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable version 2.0.23 of MaruNuri LLC apps such as neo.maru and MaruViewer until a patch or update is released.
Do not import files from untrusted or unknown sources, as the vulnerability is triggered via the file import process.
Monitor app permissions and restrict storage access where possible to limit the impact of potential exploitation.
Stay updated with official patches or updates from MaruNuri LLC addressing this vulnerability.