Description
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: n/a
EPSS: n/a
KEV: No
Impact: Arbitrary code execution or sensitive information exposure through file overwrite
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows a malicious actor to overwrite critical internal files during the import process, which can result in the execution of arbitrary code or the disclosure of sensitive data. The flaw arises from insufficient validation of imported file names and paths, permitting attackers to target files that the application has write access to. If exploited, an attacker could replace legitimate binaries, configuration files, or other essential components, thereby compromising the entire system that runs the application.

Affected Systems

The affected product is DeftPDF Document Translator version 54.0. No other vendors or product versions are listed in the data, and the vulnerability is specific to the file import functionality of that version.

Risk and Exploitability

The CVSS score and EPSS are not provided, but the potential for arbitrary code execution is high. The vulnerability is likely exploitable via a user-controllable file import, and the lack of a countermeasure means that any user with access can trigger it. Because it is not listed in the CISA KEV catalog, there is no official record of widespread exploitation, yet the risk remains significant for any deployment of the affected version.

Generated by OpenCVE AI on March 31, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update DeftPDF Document Translator to a patched version once available
  • If no patch is available, disable or restrict the file import feature to trusted users only
  • Configure file system permissions to deny write access to critical internal files
  • Monitor system logs for unusual file modifications or import attempts

Generated by OpenCVE AI on March 31, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in DeftPDF Document Translator Leading to Code Execution
Weaknesses CWE-73

Tue, 31 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T15:39:44.456Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30276

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-31T16:16:29.683

Modified: 2026-03-31T16:16:29.683

Link: CVE-2026-30276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T19:56:55Z

Weaknesses