Cyber Resilience

CVE-2026-30290

HighPublic PoC

Published: 31 March 2026

Published
31 March 2026
Modified
07 April 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0023 13.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-30290 is a high-severity Path Traversal (CWE-22) vulnerability in Intouchapp Intouch Contacts \& Caller Id. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-30290 is an arbitrary file overwrite vulnerability (CWE-22) in the InTouch Contacts & Caller ID APP version 6.38.1. Published on 2026-03-31T20:16:26.670, it carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The issue enables attackers to overwrite critical internal files through the app's file import process, which can result in arbitrary code execution or information exposure.

A local attacker requires no privileges and can exploit the vulnerability with low attack complexity and no user interaction. By supplying a malicious file during the import process, the attacker can target and overwrite sensitive internal files, achieving high-impact effects on confidentiality, integrity, and availability, such as executing arbitrary code within the app's context or exposing user data.

Advisories and further details are available in the referenced sources: https://github.com/Secsys-FDU/AF_CVEs/issues/19, https://secsys.fudan.edu.cn/, and https://www.intouchapp.com/.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1554 Compromise Host Software Binary Persistence
Adversaries may modify host software binaries to establish persistent access to systems.
Why these techniques?

Arbitrary file overwrite via path traversal in a client app directly enables local exploitation for code execution (T1203) and facilitates compromising/replacing app binaries or internal files to run attacker-controlled code (T1554).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20048Shared CWE-22
CVE-2026-22871Shared CWE-22
CVE-2025-67030Shared CWE-22
CVE-2026-4092Shared CWE-22
CVE-2024-7776Shared CWE-22
CVE-2026-30283Shared CWE-22
CVE-2026-30279Shared CWE-22
CVE-2026-5656Shared CWE-22
CVE-2026-30853Shared CWE-22
CVE-2024-7034Shared CWE-22

Affected Assets

intouchapp
intouch contacts \& caller id
6.38.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates file paths and contents during the import process to prevent arbitrary overwrites of critical internal files.

prevent

Enforces access restrictions to block unauthorized write operations to sensitive internal files via the import mechanism.

detect

Monitors integrity of critical files to identify unauthorized changes from the vulnerable file import process.

References