CVE-2026-30289 - Vulnerability Analysis
HighCVSS: 8.4Last Updated: April 1, 2026
Tinybeans Private Family Album App - Arbitrary File Overwrite
Published: April 1, 2026Updated: April 1, 2026
Overview
Tinybeans Private Family Album App v5.9.5-prod contains an arbitrary file overwrite vulnerability caused by improper handling in the file import process, letting attackers overwrite critical internal files, leading to code execution or information exposure, exploit requires attacker to initiate file import.
Severity & Score
Severity: High
CVSS Score: 8.4
Impact
Attackers can overwrite critical files, leading to arbitrary code execution or exposure of sensitive information.
Mitigation
Update to the latest version of Tinybeans Private Family Album App.
References
Related Resources
Details
- CVE ID
- CVE-2026-30289
- Severity
- High
- CVSS Score
- 8.4
- Type
- file_inclusion
- Status
- unconfirmed
CWE
- CWE-73
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H