{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30287", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T19:12:34.843Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T13:52:33.542Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://deepthought.industries/"}, {"url": "https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/16"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-73", "lang": "en", "description": "CWE-73 External Control of File Name or Path"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T19:10:21.830910Z", "id": "CVE-2026-30287", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:12:34.843Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30287", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T19:10:21.830910Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:10:55.575Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://deepthought.industries/"}, {"url": "https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/16"}], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T13:52:33.542Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30287", "state": "PUBLISHED", "dateUpdated": "2026-04-01T19:12:34.843Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-01T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deepthought.industries:ace_scanner:1.4.5:*:*:*:*:android:*:*", "matchCriteriaId": "C11A989B-E14D-4DB6-AC50-E4F4F07AB223", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "id": "CVE-2026-30287", "lastModified": "2026-04-02T19:37:43.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T14:16:49.777", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://deepthought.industries/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/16"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=pdfscanner.scan.pdf.scanner.free"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://secsys.fudan.edu.cn/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.4.5"}}], "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ace_scanner", "vendor": "deepthought.industries"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.4.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "pdf_scanner", "vendor": "deepthought.industries"}], "analysis": {"en": {"generated_at": "2026-04-02T22:39:52.213442+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or app store for an updated version and install it immediately.", "If a patch is unavailable, discontinue use of the application or uninstall it to prevent the exploit.", "Avoid importing PDFs from untrusted or unknown sources until the issue is resolved.", "Contact Deep Thought Industries for remediation guidance or a workaround."], "summary": {"action": "Immediate patch", "impact": "Potential for arbitrary code execution or information exposure through file overwrite"}, "threat_synthesis": {"affected_systems": "The affected product is the Deep Thought Industries ACE Scanner PDF Scanner for Android, version 1.4.5; this is the only version listed in the provided CPE string.", "description_and_impact": "The vulnerability is an arbitrary file overwrite flaw (CWE\u201173) in Deep Thought Industries ACE Scanner PDF Scanner version 1.4.5. By manipulating the file import process, an attacker can replace critical internal files, which may enable arbitrary code execution or reveal sensitive information contained within the application.", "risk_and_exploitability": "The CVSS score is 8.4, indicating high severity, while the EPSS score is below 1%, implying a lower probability of exploitation in the short term. This vulnerability is not listed in the CISA KEV catalog. The likely attack vector is application\u2011level, requiring the attacker to supply a crafted PDF file that a user imports into the application; this inference is based on the description of the file import process and is not directly stated in the input."}}}}, "created": "2026-04-02T07:51:23.954827+00:00", "updated": "2026-04-03T09:19:18.886796+00:00", "vendors": ["deepthought.industries", "deepthought.industries$PRODUCT$ace_scanner", "deepthought.industries$PRODUCT$pdf_scanner"]}