Description
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An arbitrary file overwrite flaw in DeftPDF Document Translator v54.0 allows an attacker to replace internal files through the file import routine, potentially executing malicious code or exposing sensitive data. The weakness is classified as CWE-73 (External Control of File Name or Path): insufficient validation of file paths during import permits overwriting protected application files.

Affected Systems

The vulnerability impacts the Android version of DeftPDF Document Translator v54.0. Users who can trigger the file import feature are susceptible, and the flaw may affect all installations on Android devices that run this specific software version.

Risk and Exploitability

The CVSS score of 9.8 marks it as critical, while an EPSS score of less than 1% indicates a low current exploitation risk. It is not listed in CISA’s KEV catalog, suggesting no widely known public exploits yet. The likely attack vector appears to be local or user‑initiated via the file import function, though this inference is based on the description rather than explicit documentation.

Generated by OpenCVE AI on April 6, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or upgrade to a newer version that removes the unsafe file overwrite logic.
  • Disable or remove the file import functionality until a fix is released.
  • Restrict the application's file write permissions so it cannot modify protected system files.
  • Monitor devices for unexpected file changes or newly created executables that may indicate exploitation.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title DeftPDF Document Translator Arbitrary File Overwrite Vulnerability

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:deftpdf:document_translator:54.0:*:*:*:*:android:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Deftpdf
Deftpdf document Translator
Vendors & Products Deftpdf
Deftpdf document Translator

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in DeftPDF Document Translator Leading to Code Execution

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in DeftPDF Document Translator Leading to Code Execution
Weaknesses CWE-73

Tue, 31 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T18:16:00.742Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30276

Vulnrichment

Updated: 2026-04-01T18:15:56.962Z

NVD

Status: Analyzed

Published: 2026-03-31T16:16:29.683

Modified: 2026-04-06T15:13:59.763

Link: CVE-2026-30276

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T08:08:28Z

Weaknesses