Cyber Resilience

CVE-2026-30284

HighPublic PoC

Published: 31 March 2026

Published
31 March 2026
Modified
06 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0021 11.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-30284 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Uxgroupllc Voice Recorder. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 11.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30284 is an arbitrary file overwrite vulnerability affecting UXGROUP LLC Voice Recorder version 10.0. The flaw exists in the file import process, which allows attackers to overwrite critical internal files. This can lead to arbitrary code execution or information exposure, as classified under CWE-73 (External Control of File Name or Path). The vulnerability received a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with low complexity and no required privileges.

Exploitation requires local access to the system running the affected software and user interaction, such as convincing a user to import a malicious file. An unprivileged attacker can leverage this to overwrite key files, achieving arbitrary code execution with elevated privileges or exposing sensitive information. The high scope change (S:C) amplifies the risk, as successful exploitation can affect confidentiality, integrity, and availability at a high level.

Mitigation details are available in related advisories referenced at http://voice.com, https://appcraze.co/, https://github.com/Secsys-FDU/AF_CVEs/issues/25, and https://secsys.fudan.edu.cn/. Security practitioners should review these sources for patch information or workarounds, as the vulnerability was published on 2026-03-31.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Arbitrary file overwrite in client app via malicious import directly enables client-side exploitation for code execution (T1203) and privilege escalation to elevated code exec (T1068); info exposure impact maps to data collection from local system (T1005).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30282Same vendor: Uxgroupllc
CVE-2026-30289Shared CWE-73
CVE-2026-30291Shared CWE-73
CVE-2026-27211Shared CWE-73
CVE-2026-30292Shared CWE-73
CVE-2026-20931Shared CWE-73
CVE-2026-30287Shared CWE-73
CVE-2026-32204Shared CWE-73
CVE-2025-59291Shared CWE-73
CVE-2026-24287Shared CWE-73

Affected Assets

uxgroupllc
voice recorder
10.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 requires validation of file names and paths during the import process, directly preventing external control of file destinations and arbitrary overwrites.

prevent

SI-2 mandates identification, reporting, and correction of the specific file import flaw, ensuring patches or fixes eliminate the vulnerability.

preventdetect

SI-7 verifies integrity of critical internal files and software, preventing or detecting unauthorized overwrites that enable code execution or information exposure.

References