{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30277", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-02T14:17:55.040Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-31T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T16:59:49.942Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://pdf.com"}, {"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/24"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T14:16:33.191339Z", "id": "CVE-2026-30277", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:17:55.040Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T14:16:33.191339Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:17:49.048Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://pdf.com"}, {"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/24"}], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T16:59:49.942Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30277", "state": "PUBLISHED", "dateUpdated": "2026-04-02T14:17:55.040Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-31T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:triumph-adler:mobile_print:3.7.2.251001:*:*:*:*:android:*:*", "matchCriteriaId": "E05FBD85-97B0-4C9A-9180-BB0F923723E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "id": "CVE-2026-30277", "lastModified": "2026-04-03T18:42:53.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T18:16:46.740", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://pdf.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/24"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://secsys.fudan.edu.cn/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.7.2.251001"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 87.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mobile_print", "vendor": "triumph-adler"}], "analysis": {"en": {"generated_at": "2026-04-03T21:28:57.932027+00:00", "value": {"mitigation_remediation": ["Update Triumph Adler Mobile Print to a patched version if one exists", "If no newer version is available, contact Triumph Adler support for a fix", "Restrict or disable the file import feature for untrusted PDFs", "Avoid downloading or opening PDFs from unverified sources"], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "Triumph Adler Mobile Print version 3.7.2.251001 on Android devices is affected. Users of this specific build should verify whether they are running this version and whether security updates are available.", "description_and_impact": "The vulnerability permits an attacker to overwrite any file within the application\u2019s internal storage, enabling the execution of attacker-supplied code or the disclosure of sensitive data. This flaw originates from inadequate validation of file paths during the import process and falls under the common weakness enumeration CWE\u201122.", "risk_and_exploitability": "The CVSS score of 8.4 indicates a high severity for potential remote code execution. Although the EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, exploitation remains plausible due to the local file import vector. The likely attack pathway involves a user opening a crafted PDF that forces the application to overwrite internal files, a conclusion inferred from the described file import process."}}}}, "created": "2026-03-31T19:56:52.595277+00:00", "title": "Arbitrary File Overwrite in Triumph Adler Mobile Print Leading to Code Execution", "updated": "2026-04-07T08:08:25.901376+00:00", "vendors": ["triumph-adler", "triumph-adler$PRODUCT$mobile_print"]}