{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30287", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T19:12:34.843Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T13:52:33.542Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://deepthought.industries/"}, {"url": "https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/16"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-73", "lang": "en", "description": "CWE-73 External Control of File Name or Path"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T19:10:21.830910Z", "id": "CVE-2026-30287", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:12:34.843Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30287", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T19:10:21.830910Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:10:55.575Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://deepthought.industries/"}, {"url": "https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/16"}], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T13:52:33.542Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30287", "state": "PUBLISHED", "dateUpdated": "2026-04-01T19:12:34.843Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-01T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deepthought.industries:ace_scanner:1.4.5:*:*:*:*:android:*:*", "matchCriteriaId": "C11A989B-E14D-4DB6-AC50-E4F4F07AB223", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "id": "CVE-2026-30287", "lastModified": "2026-04-02T19:37:43.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T14:16:49.777", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://deepthought.industries/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/16"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://secsys.fudan.edu.cn/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-02T03:15:04.751905+00:00", "value": {"mitigation_remediation": ["Update to a patched or newer version of ACE Scanner PDF Scanner if one has been released.", "If a patch is not available, disable or restrict the file import feature to limited or trusted users.", "Avoid installing or using the vulnerable version 1.4.5 until a fix is available.", "Check vendor announcements regularly for updates or security advisories."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Deep Thought Industries ACE Scanner PDF Scanner version 1.4.5. No other versions or related products have been reported as affected.", "description_and_impact": "The vulnerability allows an attacker to overwrite critical internal files through the file import process of the ACE Scanner PDF Scanner. By replacing these files, an attacker can execute arbitrary code or expose sensitive information, thereby compromising confidentiality and integrity.", "risk_and_exploitability": "The CVSS base score of 8.4 signals high severity. EPSS data is not available, and the vulnerability is not listed in CISA's KEV catalog. The attack likely requires the capability to trigger the import feature, which may be available locally or via a network interface; the exact vector is inferred from the description and not explicitly stated."}}}}, "created": "2026-04-02T07:51:23.954827+00:00", "title": "Arbitrary File Overwrite in Deep Thought Industries ACE Scanner PDF Scanner 1.4.5", "updated": "2026-04-02T07:51:23.954854+00:00", "vendors": []}