CVE-2026-30291
Received Received - Intake
Arbitrary File Overwrite in Ora Tools PDF Reader Enables Code Execution

Publication date: 2026-04-01

Last updated on: 2026-04-01

Assigner: MITRE

Description
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-01
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30291
EUVD
EUVD-2026-17891
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ora_tools pdf_reader 4.3.5
ora_tools pdf_reader_reader_editor 4.3.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an arbitrary file overwrite issue in the Ora Tools PDF Reader – Reader & Editor APP version 4.3.5. It allows attackers to overwrite critical internal files through the file import process.

By exploiting this flaw, attackers can cause arbitrary code execution or expose sensitive information within the application.

Impact Analysis

The vulnerability can have serious impacts including allowing attackers to execute arbitrary code on your device, which could lead to full control over the application or device.

Additionally, it can lead to exposure of sensitive or critical information stored within the app, compromising your privacy and data security.

Compliance Impact

The vulnerability in Ora Tools PDF Reader – Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, potentially leading to arbitrary code execution or information exposure.

Such arbitrary file overwrite and information exposure vulnerabilities can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and modification.

Since the app may collect and share personal and financial information with third parties without encryption and without the ability for users to delete data, this vulnerability could exacerbate risks related to data breaches and unauthorized data manipulation, thereby increasing non-compliance risks with privacy regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30291. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart