
CVE-2026-30285

Severity: Critical · Public PoC available

Published: 31 March 2026
Modified: 07 April 2026
KEV Added: not listed
Patch:
CVSS v3.1 base score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0062 (44.9th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-30285 is a critical-severity Path Traversal (CWE-22) vulnerability in the Zora application (vendor: Zora). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 44.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30285 is an arbitrary file overwrite vulnerability (CWE-22) in Zora: Post, Trade, Earn Crypto version 2.60.0. Published on 2026-03-31T20:16:26.550, it enables attackers to overwrite critical internal files via the file import process, potentially leading to arbitrary code execution or information exposure. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

Remote attackers can exploit this vulnerability over the network with low complexity, without requiring privileges or user interaction and without changing scope. Successful exploitation allows high-impact outcomes on confidentiality, integrity, and availability, including arbitrary code execution for full system compromise or exposure of sensitive information.

Advisories and further details are referenced at https://github.com/Secsys-FDU/AF_CVEs/issues/15, https://secsys.fudan.edu.cn/, and https://zora.co/.

Vulnerability details

An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

CWE(s)

CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Arbitrary file overwrite vulnerability in a public-facing crypto application (Zora.co) enables remote exploitation without authentication, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2505 (shared CWE-22)
CVE-2026-5841 (shared CWE-22)
CVE-2026-33242 (shared CWE-22)
CVE-2026-33292 (shared CWE-22)
CVE-2026-35605 (shared CWE-22)
CVE-2025-53632 (shared CWE-22)
CVE-2025-8110 (shared CWE-22)
CVE-2026-8757 (shared CWE-22)
CVE-2025-7712 (shared CWE-22)
CVE-2026-31817 (shared CWE-22)

Affected Assets

Vendor: zora
Product: zora
Version: 2.60.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

Prevent (SI-10, Information Input Validation): Directly validates file paths and inputs in the import process to block path traversal attacks enabling arbitrary file overwrites.

Prevent (SI-2, Flaw Remediation): Remediates the specific flaw in the Zora v2.60.0 file import process that allows remote arbitrary file overwrites leading to code execution.

Detect: Monitors critical internal files for unauthorized modifications caused by the file overwrite vulnerability.
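The SI-10 control above calls for validating file paths in the import process. The following is an added example of what that validation looks like in practice; it is not code from Zora or from this record, and the import root `/srv/zora/imports`, the file names and the `resolve_import_path` / `import_file` helpers are all constructed for illustration. The check is done on the fully resolved path, so `..` segments, absolute names and symlinks that point outside the import directory are all rejected, and the write itself uses exclusive-create mode so an existing internal file is never overwritten.

```python
from pathlib import Path
import tempfile

# Constructed example root; a real deployment would use the application's
# own import directory, which this record does not name.
IMPORT_ROOT = "/srv/zora/imports"


def resolve_import_path(import_root: str, supplied_name: str) -> Path:
    """Return the canonical on-disk path for an imported file, or raise
    ValueError if the supplied name would land outside import_root."""
    if "\x00" in supplied_name:
        raise ValueError("NUL byte in file name")
    root = Path(import_root).resolve()
    # Joining an absolute right-hand side discards the root; resolving the
    # result and then checking containment catches that case as well as
    # '..' segments and symlinks that escape the directory.
    candidate = (root / supplied_name).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"refusing path outside import root: {supplied_name!r}") from None
    if candidate == root:
        raise ValueError("empty file name")
    return candidate


def is_safe_import_name(import_root: str, supplied_name: str) -> bool:
    """Boolean wrapper around resolve_import_path for logging or tests."""
    try:
        resolve_import_path(import_root, supplied_name)
        return True
    except ValueError:
        return False


def import_file(import_root: str, supplied_name: str, data: bytes) -> Path:
    """Write data under import_root only after validation, and never
    overwrite an existing file (the failure mode described in this record)."""
    target = resolve_import_path(import_root, supplied_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    with open(target, "xb") as fh:  # 'x' raises FileExistsError on an existing file
        fh.write(data)
    return target


def run_demo() -> dict:
    """Exercise the checks against a throwaway directory with constructed
    inputs; returns which names were accepted and whether writes behaved."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "imports"
        root.mkdir()
        # constructed: an internal file the application relies on, outside the root
        internal = Path(tmp) / "config.json"
        internal.write_bytes(b'{"original": true}')
        # constructed: a symlink inside the root that points at the internal file
        (root / "link").symlink_to(internal)

        results["relative"] = is_safe_import_name(str(root), "post.md")
        results["dotdot_inside"] = is_safe_import_name(str(root), "sub/../note.txt")
        results["dotdot_escape"] = is_safe_import_name(str(root), "../config.json")
        results["absolute_path"] = is_safe_import_name(str(root), str(internal))
        results["symlink_escape"] = is_safe_import_name(str(root), "link")

        import_file(str(root), "post.md", b"hello")
        results["internal_unchanged"] = internal.read_bytes() == b'{"original": true}'
        try:
            import_file(str(root), "post.md", b"second")
            results["overwrite_blocked"] = False
        except FileExistsError:
            results["overwrite_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Containment is checked with `relative_to` on resolved paths rather than with a string prefix test, because a prefix test would accept a sibling directory such as `/srv/zora/imports-old`. The SI-7-style detect control listed above remains useful as a second layer: the validation stops traversal at the entry point, while file-integrity monitoring catches an overwrite that slips through a path the validator does not cover.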
