Description
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An arbitrary file overwrite flaw exists in MaruNuri LLC version 2.0.23. The flaw permits an attacker to replace critical internal files during a file import routine. By controlling which files are overwritten, an attacker could execute malicious code or disclose sensitive information, undermining both confidentiality and integrity of the system.

Affected Systems

The vulnerability affects MaruNuri LLC’s software, version 2.0.23. No other affected vendors or product versions are listed. Users running this specific release should be aware of the risk.

Risk and Exploitability

The risk is high due to the ability to overwrite system files, which can lead to full compromise of the application and potentially the underlying host. No explicit CVSS score is provided, but the nature of the flaw suggests severe impact. Epistemic exploitation probability is unknown as EPSS data is unavailable. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an authenticated or unauthenticated user submitting a crafted import file to the application, though the precise prerequisites are not detailed in the available information.

Generated by OpenCVE AI on March 31, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for MaruNuri 2.0.23 when it becomes available.
  • Disable or restrict the file import functionality to trusted users until a patch is installed.
  • Monitor logs for unauthorized file write attempts and investigate any anomalies promptly.

Generated by OpenCVE AI on March 31, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in MaruNuri v2.0.23 Enables Code Execution
Weaknesses CWE-22

Tue, 31 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T15:32:48.068Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30281

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-31T16:16:29.820

Modified: 2026-03-31T16:16:29.820

Link: CVE-2026-30281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T19:56:54Z

Weaknesses