{"api_version":"1","generated_at":"2026-05-13T03:25:57+00:00","cve":"CVE-2026-30287","urls":{"html":"https://cve.report/CVE-2026-30287","api":"https://cve.report/api/cve/CVE-2026-30287.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-30287","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-30287"},"summary":{"title":"CVE-2026-30287","description":"An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.","state":"PUBLISHED","assigner":"mitre","published_at":"2026-04-01 14:16:49","updated_at":"2026-04-02 19:37:43"},"problem_types":["CWE-73","n/a","CWE-73 CWE-73 External Control of File Name or Path"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://deepthought.industries/","name":"https://deepthought.industries/","refsource":"cve@mitre.org","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free","name":"https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free","refsource":"cve@mitre.org","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://secsys.fudan.edu.cn/","name":"https://secsys.fudan.edu.cn/","refsource":"cve@mitre.org","tags":["Not Applicable"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/Secsys-FDU/AF_CVEs/issues/16","name":"https://github.com/Secsys-FDU/AF_CVEs/issues/16","refsource":"cve@mitre.org","tags":["Exploit","Third Party Advisory","Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-30287","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30287","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"30287","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deepthought.industries","cpe5":"ace_scanner","cpe6":"1.4.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"30287","cve":"CVE-2026-30287","epss":"0.000120000","percentile":"0.016000000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:40"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-30287","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-01T19:10:21.830910Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-73","description":"CWE-73 External Control of File Name or Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-01T19:12:34.843Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-04-01T13:52:33.542Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://secsys.fudan.edu.cn/"},{"url":"https://deepthought.industries/"},{"url":"https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free"},{"url":"https://github.com/Secsys-FDU/AF_CVEs/issues/16"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2026-30287","datePublished":"2026-04-01T00:00:00.000Z","dateReserved":"2026-03-04T00:00:00.000Z","dateUpdated":"2026-04-01T19:12:34.843Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-01 14:16:49","lastModifiedDate":"2026-04-02 19:37:43","problem_types":["CWE-73","n/a","CWE-73 CWE-73 External Control of File Name or Path"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deepthought.industries:ace_scanner:1.4.5:*:*:*:*:android:*:*","matchCriteriaId":"C11A989B-E14D-4DB6-AC50-E4F4F07AB223"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"30287","Ordinal":"1","Title":"CVE-2026-30287","CVE":"CVE-2026-30287","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"30287","Ordinal":"1","NoteData":"An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.","Type":"Description","Title":"CVE-2026-30287"}]}}}