Description
An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Assess Impact
AI Analysis

Impact

An arbitrary file overwrite flaw permits attackers to replace critical internal files during the file import process, potentially enabling remote code execution or the disclosure of sensitive data. The weakness arises from unsafe path handling (CWE‑22).

Affected Systems

The vulnerability affects PEAKSEL D.O.O.'s NIS Animal Sounds and Ringtones for Android, version 1.3.0, and applies only to devices running that exact application version on the Android platform.

Risk and Exploitability

The CVSS score of 9.8 signals a severe risk, while an EPSS value below 1 % suggests a low current exploitation rate. The flaw is not listed in the KEV catalog, yet an attacker who can supply a crafted file for import could trigger arbitrary code execution. The attack likely needs user interaction to initiate the import, though unconstrained import pathways could allow remote exploitation.

Generated by OpenCVE AI on April 6, 2026 at 17:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check whether the device runs PEAKSEL NIS Animal Sounds and Ringtones version 1.3.0.
  • If present, restrict the application’s ability to import files from untrusted sources.
  • Disable or remove the import feature until a vendor update is released.
  • Apply the vendor patch or update when it becomes available.
  • Monitor device logs for unexpected file overwrite events and enforce strict access controls.
  • Educate users about the risks of opening or importing unknown files into the application.

Generated by OpenCVE AI on April 6, 2026 at 17:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in PEAKSEL NIS Animal Sounds and Ringtones Leads to Remote Code Execution

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:peaksel:animal_sounds_and_ringtones:1.3.0:*:*:*:*:android:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Peaksel
Peaksel animal Sounds And Ringtones
Vendors & Products Peaksel
Peaksel animal Sounds And Ringtones

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in PEAKSEL NIS Animal Sounds and Ringtones Leads to Remote Code Execution

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

Subscriptions

Peaksel Animal Sounds And Ringtones
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-02T14:24:57.022Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30283

cve-icon Vulnrichment

Updated: 2026-04-02T14:24:52.473Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T18:16:47.313

Modified: 2026-04-06T14:49:50.953

Link: CVE-2026-30283

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:08:22Z

Weaknesses