Skip to main content

Docudepot PDF Reader EUVDEUVD-2026-17893

| CVE-2026-30292 HIGH
External Control of File Name or Path (CWE-73)
2026-04-01 mitre
8.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 27, 2026 - 19:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 01, 2026 - 15:00 euvd
EUVD-2026-17893
Analysis Generated
Apr 01, 2026 - 15:00 vuln.today
CVE Published
Apr 01, 2026 - 00:00 nvd
HIGH 8.4

DescriptionCVE.org

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

AnalysisAI

Arbitrary file overwrite in Docudepot PDF Reader v1.0.34 enables attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information exposure. The vulnerability affects the mobile PDF viewer application across Android platforms. No public exploit code or active exploitation has been confirmed at time of analysis, though the severity of potential impact (RCE) warrants immediate investigation and patching.

Technical ContextAI

The vulnerability stems from insufficient input validation and improper file handling during the PDF import process in Docudepot PDF Reader. The application fails to implement adequate path traversal protections when processing imported files, allowing attackers to specify arbitrary file paths that overwrite system or application-critical files. This type of flaw typically falls under improper resource validation or insufficient access controls. The affected product is a mobile PDF viewing and editing application distributed via the Google Play Store, making it accessible to a broad user base on Android devices.

RemediationAI

Users should immediately update Docudepot PDF Reader to the latest available version via Google Play Store, as no specific patched version number is provided in the available data. If an update is not yet available, users should avoid importing PDF files or other documents from untrusted sources and consider using alternative PDF readers until a patch is released. Developers and maintainers should consult the GitHub issue at https://github.com/Secsys-FDU/AF_CVEs/issues/20 and vendor advisory at https://docudepot.bitbucket.io/ for technical remediation details and apply input validation and path traversal protections to the file import functionality.

Share

EUVD-2026-17893 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy