Skip to main content

Ace Scanner CVE-2026-30287

| EUVDEUVD-2026-17887 HIGH
External Control of File Name or Path (CWE-73)
2026-04-01 cve@mitre.org GHSA-gx88-826r-jqp4
8.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 14:22 euvd
EUVD-2026-17887
Analysis Generated
Apr 01, 2026 - 14:22 vuln.today
CVE Published
Apr 01, 2026 - 14:16 nvd
HIGH 8.4

DescriptionCVE.org

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

AnalysisAI

Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 contains an arbitrary file overwrite vulnerability in its file import process that permits attackers to overwrite critical internal files, resulting in remote code execution or information disclosure. The vulnerability affects a mobile application distributed via Google Play Store. No CVSS score, active exploitation status, or patch information is currently available from vendor sources.

Technical ContextAI

The vulnerability resides in the file import mechanism of ACE Scanner PDF Scanner, a mobile PDF scanning application available on the Google Play Store. The underlying weakness involves insufficient validation or access controls on the file import process, allowing attackers to manipulate file paths or import operations to overwrite system or application-critical files. This arbitrary file overwrite capability (CWE class) can be chained to achieve code execution by overwriting executable files, libraries, or configuration files that the application loads during runtime, or to expose sensitive information by overwriting data files containing credentials or personal information. The mobile application context suggests the attack may require user interaction (such as importing a malicious file) or may exploit insecure default file permissions on the device.

RemediationAI

No vendor-released patch identified at time of analysis. Users should immediately check the Google Play Store for available updates to ACE Scanner PDF Scanner beyond v1.4.5, as patch release information has not been confirmed. As an interim mitigation, avoid importing PDF files or documents from untrusted sources until a patched version is confirmed available. Contact Deep Thought Industries directly via their official website (https://deepthought.industries/) to confirm patch status and expected release timeline. Refer to the security research disclosure at https://github.com/Secsys-FDU/AF_CVEs/issues/16 for additional technical details and potential workarounds documented by the research team.

Share

CVE-2026-30287 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy