Home / Vulnerability Intelligence / CVE-2026-30291

CVE-2026-30291 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: April 1, 2026

Ora Tools PDF Reader Reader & Editor - Arbitrary File Overwrite

Published: April 1, 2026Updated: April 1, 2026

Overview

Ora Tools PDF Reader Reader & Editor APPv4.3.5 contains an arbitrary file overwrite vulnerability caused by the file import process, letting attackers overwrite critical internal files leading to code execution or information exposure, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Attackers can overwrite critical files, leading to arbitrary code execution or exposure of sensitive information.

Mitigation

Update to the latest version.

References

https://github.com/Secsys-FDU/AF_CVEs/issues/18
https://oratools.github.io/
https://play.google.com/store/apps/details?id=pdf.reader.editor.office.ora
https://secsys.fudan.edu.cn/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-30291
Severity: High
CVSS Score: 8.4
Type: file_inclusion
Status: new

CWE

CWE-73

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H