Description
An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability permits an attacker to overwrite any file within the application’s internal storage, enabling the execution of attacker-supplied code or the disclosure of sensitive data. This flaw originates from inadequate validation of file paths during the import process and falls under the common weakness enumeration CWE‑22.

Affected Systems

Triumph Adler Mobile Print version 3.7.2.251001 on Android devices is affected. Users of this specific build should verify whether they are running this version and whether security updates are available.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity for potential remote code execution. Although the EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, exploitation remains plausible due to the local file import vector. The likely attack pathway involves a user opening a crafted PDF that forces the application to overwrite internal files, a conclusion inferred from the described file import process.

Generated by OpenCVE AI on April 3, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Triumph Adler Mobile Print to a patched version if one exists
  • If no newer version is available, contact Triumph Adler support for a fix
  • Restrict or disable the file import feature for untrusted PDFs
  • Avoid downloading or opening PDFs from unverified sources

Generated by OpenCVE AI on April 3, 2026 at 21:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in Triumph Adler Mobile Print Leading to Code Execution

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:triumph-adler:mobile_print:3.7.2.251001:*:*:*:*:android:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Triumph-adler
Triumph-adler mobile Print
Vendors & Products Triumph-adler
Triumph-adler mobile Print

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in TA/UTAX Mobile Print Leading to Code Execution

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in TA/UTAX Mobile Print Leading to Code Execution
Weaknesses CWE-22

Tue, 31 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

Subscriptions

Triumph-adler Mobile Print
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-02T14:17:55.040Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30277

cve-icon Vulnrichment

Updated: 2026-04-02T14:17:49.048Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T18:16:46.740

Modified: 2026-04-03T18:42:53.973

Link: CVE-2026-30277

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:08:25Z

Weaknesses