Description
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote Code Execution via File Overwrite
Action: Apply Patch
AI Analysis

Impact

The flaw allows an attacker to overwrite critical internal files during the file import process, which can lead to arbitrary code execution or the exposure of sensitive information. The likely attack vector is through the import interface, where an attacker submits a crafted file that directs the system to write over protected files.

Affected Systems

This vulnerability is present in FLY is FUN Aviation Navigation version 35.33. No other affected versions are documented in the available data.

Risk and Exploitability

Based on the description, it is inferred that an attacker who can reach the import functionality—potentially over a network—could exploit the overwrite to inject malicious code with the privileges of the application. The absence of a CVSS or EPSS score means the exact severity and exploitation probability cannot be quantified from the supplied data, but the potential for remote code execution and data leakage suggests a high risk. The vulnerability is not listed in the CISA KEV catalog, so there is no publicly known exploited exploit at this time, but the attack surface is presumably accessible if the import endpoint is exposed.

Generated by OpenCVE AI on March 31, 2026 at 18:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check with the vendor for a patch that addresses the import‐related overwrite bug
  • If a patch is unavailable or delayed, temporarily disable the file import feature or restrict it to trusted users only
  • Configure filesystem permissions so that import processes cannot overwrite critical configuration files
  • Actively monitor system logs for anomalous file modifications or attempts to upload files with unexpected paths
  • Consider network segmentation or firewall rules to limit external access to the import endpoint

Generated by OpenCVE AI on March 31, 2026 at 18:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite Vulnerability in FLY is FUN Aviation Navigation v35.33
Weaknesses CWE-22

Tue, 31 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T17:07:59.044Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30278

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-31T18:16:46.863

Modified: 2026-03-31T18:16:46.863

Link: CVE-2026-30278

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T19:56:51Z

Weaknesses