Skip to main content

Voice Recorder CVE-2026-30284

| EUVDEUVD-2026-17520 HIGH
External Control of File Name or Path (CWE-73)
2026-03-31 cve@mitre.org GHSA-fgxv-26q5-6xq2
8.6
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.6 HIGH
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 16:22 euvd
EUVD-2026-17520
Analysis Generated
Mar 31, 2026 - 16:22 vuln.today
CVE Published
Mar 31, 2026 - 16:16 nvd
HIGH 8.6

DescriptionCVE.org

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

AnalysisAI

Arbitrary file overwrite in UXGROUP LLC Voice Recorder v10.0 allows remote attackers to overwrite critical internal files through the file import mechanism, enabling arbitrary code execution or sensitive information exposure. No CVSS score, EPSS data, or KEV status was available at analysis time; exploitation likelihood cannot be quantified from standard metrics, but the presence of publicly documented vulnerability research suggests active security scrutiny.

Technical ContextAI

The vulnerability exists in the file import process of Voice Recorder v10.0, where insufficient input validation or path traversal protections permit attackers to manipulate file paths during import operations. This class of vulnerability typically involves CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal') or CWE-434 (Unrestricted Upload of File with Dangerous Type). The attack vector targets the application's file handling logic, allowing an attacker to write arbitrary content to locations outside the intended import directory. The dual impact (RCE and information disclosure) suggests the application either executes imported code paths or stores sensitive configuration data that becomes accessible when overwritten.

RemediationAI

Primary remediation requires upgrading UXGROUP LLC Voice Recorder beyond version 10.0; however, no specific patched version number was identified in the available references. Users should immediately cease use of Voice Recorder v10.0 for untrusted file imports and monitor the official source (http://voice.com) and vendor advisory channels for a security update. As an interim mitigation, restrict file import functionality to trusted sources only and avoid importing files from untrusted users until a patch is confirmed available. Consult the vendor's security advisory and the public vulnerability documentation at https://github.com/Secsys-FDU/AF_CVEs/issues/25 for additional technical details and any temporary workarounds.

Share

CVE-2026-30284 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy