CVE-2026-30292
Arbitrary File Overwrite in Docudepot PDF Reader Enables Code Execution
Publication date: 2026-04-01
Last updated on: 2026-04-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docudepot | pdf_reader | 1.0.34 |
| docudepot | pdf_reader_pdf_viewer | 1.0.34 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30292 is an arbitrary file overwrite vulnerability in the Docudepot PDF Reader: PDF Viewer APP version 1.0.34. This vulnerability allows attackers to overwrite critical internal files through the file import process.
The root cause is insufficient security validation during file import, which enables attackers to use crafted file paths with directory traversal techniques to access and overwrite sensitive files inside the app's internal storage.
Exploitation of this vulnerability can lead to arbitrary code execution or exposure of sensitive information.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including arbitrary code execution, which means an attacker could run malicious code on your device through the vulnerable app.
It can also lead to information exposure by allowing attackers to access and extract sensitive files stored within the app's internal storage.
Such exposure could include credential files, potentially resulting in account hijacking, and access to critical key or configuration files, which may further compromise device or app security.
The attack requires minimal user interaction and can be triggered automatically when the victim opens a malicious app.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious file import activities within the Docudepot PDF Reader: PDF Viewer app (version 1.0.34), especially attempts to use directory traversal techniques to overwrite or access internal files.
Since the vulnerability exploits the file import process, you can check for unusual file operations or unexpected modifications in the app's internal storage directories.
On an Android device, you might use commands or tools to monitor file system changes or app behavior, such as:
- Using 'adb shell' to access the device shell.
- Running 'adb logcat' to monitor app logs for suspicious activity related to file imports.
- Using 'find' or 'ls -lR' commands within the app's data directory (usually under /data/data/pdf.pdfreader.pdfeditor.pdfmaker.pdfscanner/) to detect unexpected file modifications or new files.
- Checking for presence of unexpected files in shared external storage that may have been written by the app.
However, no specific detection commands or tools are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable version (1.0.34) of the Docudepot PDF Reader: PDF Viewer app until a patch or update is released.
Restrict or monitor file import operations within the app to prevent exploitation via crafted file paths.
Limit app permissions, especially access to internal storage and external shared storage, to reduce the risk of arbitrary file overwrite or data exposure.
Consider uninstalling the app or replacing it with a secure alternative if immediate patching is not available.
Monitor for updates from the vendor (Docudepot or Longreach AI) and apply security patches as soon as they become available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files or access sensitive information through insufficient security validation during file import. This can lead to arbitrary code execution or information exposure, including credential files and critical configuration data.
Such exposure of sensitive information and potential unauthorized access could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access and breaches.
Specifically, the disclosure of credential files and sensitive internal data could lead to violations of confidentiality and integrity requirements mandated by these standards, increasing the risk of data breaches and regulatory penalties.