{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30277", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-02T14:17:55.040Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-31T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T16:59:49.942Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://pdf.com"}, {"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/24"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T14:16:33.191339Z", "id": "CVE-2026-30277", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:17:55.040Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T14:16:33.191339Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:17:49.048Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://pdf.com"}, {"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/24"}], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T16:59:49.942Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30277", "state": "PUBLISHED", "dateUpdated": "2026-04-02T14:17:55.040Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-31T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "id": "CVE-2026-30277", "lastModified": "2026-04-02T15:16:35.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T18:16:46.740", "references": [{"source": "cve@mitre.org", "url": "http://pdf.com"}, {"source": "cve@mitre.org", "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/24"}, {"source": "cve@mitre.org", "url": "https://secsys.fudan.edu.cn/"}, {"source": "cve@mitre.org", "url": "https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-31T18:23:47.180236+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest patch for TA/UTAX Mobile Print as soon as it becomes available.", "If a patch cannot be applied immediately, disable or remove the file import functionality to block potential uploads.", "Verify file integrity and monitor for unusual file operations to detect exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution and Information Exposure"}, "threat_synthesis": {"affected_systems": "The flaw is found in the PDF Reader App component of TA/UTAX Mobile Print version\u202f3.7.2.251001. No other vendors or products are listed; the affected software runs on mobile platforms, likely Android or iOS.", "description_and_impact": "An attacker can overwrite critical internal files by using the file import feature, which allows the application to write arbitrary data to protected locations. This vulnerability enables code execution if the attacker supplies a malicious file or permits disclosure of sensitive data. The weakness stems from inadequate validation of file paths and permissions during the import process.", "risk_and_exploitability": "The CVSS score is not provided, but the potential for arbitrary code execution indicates a high severity level. EPSS data is unavailable and the vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector involves delivering a crafted file (e.g., via email or download) that the user opens, enabling the attacker to trigger the file overwrite. No official patch or workaround is indicated in the current data."}}}}, "created": "2026-03-31T19:56:52.595277+00:00", "title": "Arbitrary File Overwrite in TA/UTAX Mobile Print Leading to Code Execution", "updated": "2026-03-31T19:56:52.595302+00:00", "vendors": [], "weaknesses": ["CWE-22"]}