CVE-2026-30292 Overview
An arbitrary file overwrite vulnerability has been identified in Docudepot PDF Reader: PDF Viewer APP v1.0.34. This vulnerability allows attackers to overwrite critical internal files via the file import process, potentially leading to arbitrary code execution or information exposure. The vulnerability is classified under CWE-73 (External Control of File Name or Path), indicating that the application fails to properly validate or sanitize file paths during the import operation.
Critical Impact
Exploitation of this vulnerability enables attackers with local access to overwrite sensitive application files, which can lead to arbitrary code execution or exposure of confidential information stored within the application's data directories.
Affected Products
- Docudepot PDF Reader: PDF Viewer APP v1.0.34
- Android devices with the affected application installed (package: pdf.pdfreader.pdfeditor.pdfmaker.pdfscanner)
Discovery Timeline
- 2026-04-01 - CVE-2026-30292 published to NVD
- 2026-04-01 - Last updated in NVD database
Technical Details for CVE-2026-30292
Vulnerability Analysis
This arbitrary file overwrite vulnerability exists in the file import functionality of Docudepot PDF Reader. The application fails to properly validate file paths during the import process, allowing an attacker to craft malicious input that traverses directories and overwrites files outside the intended storage location. This is a classic path traversal weakness where user-controlled input is used to construct file paths without adequate sanitization.
The vulnerability requires local access to exploit, meaning an attacker needs to either have physical access to the device or leverage another vulnerability or malicious application to trigger the file import functionality with crafted input. Once exploited, the attacker can overwrite critical application configuration files, shared libraries, or other sensitive data, potentially achieving code execution within the application's context or causing data loss and information disclosure.
Root Cause
The root cause is External Control of File Name or Path (CWE-73). The Docudepot PDF Reader application does not properly sanitize or validate file path input during the file import process. This allows attackers to include path traversal sequences (such as ../) or absolute paths in file names, enabling writes to arbitrary locations accessible by the application's file system permissions.
Attack Vector
This is a local attack vector vulnerability. An attacker must have local access to the Android device to exploit this vulnerability. The attack can be executed through:
- Importing a maliciously crafted PDF or file with path traversal sequences embedded in the filename
- Leveraging another malicious application to invoke the vulnerable import functionality with crafted parameters
- Using social engineering to convince a user to import a specially crafted file
The attacker can target application-specific files such as configuration data, cached credentials, or shared library files to achieve code execution or information disclosure.
Detection Methods for CVE-2026-30292
Indicators of Compromise
- Unexpected modifications to files within the Docudepot PDF Reader application's data directory
- Presence of files with path traversal sequences (../) in application logs or file system activity
- Application crashes or unexpected behavior following file import operations
- Unauthorized access to sensitive data previously stored within the application
Detection Strategies
- Monitor Android application logs for file operations containing path traversal patterns
- Implement file integrity monitoring on critical application directories
- Use mobile threat defense solutions to detect anomalous file system operations
- Review application permissions and identify attempts to access files outside designated directories
Monitoring Recommendations
- Enable verbose logging for file import operations on managed Android devices
- Deploy endpoint detection and response (EDR) solutions capable of monitoring Android file system activity
- Regularly audit installed applications for known vulnerable versions
- Configure alerts for file modification events in sensitive application directories
How to Mitigate CVE-2026-30292
Immediate Actions Required
- Update Docudepot PDF Reader to the latest available version if a patched version has been released
- Consider temporarily uninstalling or disabling the application until a patch is available
- Review device file systems for signs of exploitation or unauthorized file modifications
- Limit application installation sources to verified app stores and trusted publishers
Patch Information
At the time of this publication, no official vendor patch information has been released. Users should monitor the DocuDepot Resource Hub and the Google Play Store listing for updates. Additional technical details and discussion can be found in the GitHub Issue #20 Discussion from the Fudan University Security Research team.
Workarounds
- Avoid importing PDF files or documents from untrusted sources using the affected application
- Use alternative PDF reader applications until a security update is available
- Implement mobile device management (MDM) policies to restrict file import capabilities
- Isolate sensitive data from applications with known vulnerabilities
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
