CVE-2026-30285
Published: 31 March 2026
Description
An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Mitigating Controls (NIST 800-53 r5)
Validate file paths and other inputs in the import process so that a traversal sequence or absolute path in an import entry cannot redirect a write to a file outside the intended import directory.
Remediate the flaw in the Zora v2.60.0 file import process that allows remote arbitrary file overwrite leading to code execution (a vendor update, where one is available).
Monitor critical internal files for unauthorized modification so that an overwrite performed through the import process is detected rather than discovered only after code execution or data exposure.
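The first control above is the generic fix for a CWE-22 import flaw: confine every destination path to the import directory. The example below is an added illustration, not Zora's code; the page does not describe how the real import feature is implemented, so the entry names, the import directory layout and the helper names (resolve_unsafe, resolve_safe, classify, demo) are assumptions. It shows the vulnerable join beside a hardened resolver that rejects traversal, absolute names, embedded NUL bytes and escape through a symlink planted inside the import directory.

```python
"""Containment check for an untrusted-filename import, vulnerable and hardened.

Added example; it is not Zora's code and the real import feature is not
described in the advisory. It models the generic CWE-22 pattern the advisory
names: an import that writes entries under names taken from untrusted input.
The entry names in SAMPLE_ENTRIES are constructed for the demo.
"""
import tempfile
from pathlib import Path, PureWindowsPath


class ImportPathError(ValueError):
    """Raised when an entry name would land outside the import directory."""


def resolve_unsafe(import_dir: str, name: str) -> Path:
    """Vulnerable pattern: join the untrusted name onto the import directory
    and use the result as-is. '..' walks out of the directory, and an absolute
    name replaces the base entirely (Path('/a') / '/etc/hosts' == Path('/etc/hosts'))."""
    return Path(import_dir) / name


def resolve_safe(import_dir: str, name: str) -> Path:
    """Hardened pattern: reject names that can never be safe, then resolve the
    candidate (following symlinks in the components that already exist) and
    require the result to stay inside the resolved import directory."""
    if "\x00" in name:
        raise ImportPathError("NUL byte in entry name")
    if name.startswith(("/", "\\")) or PureWindowsPath(name).is_absolute():
        raise ImportPathError("absolute entry name")
    base = Path(import_dir).resolve(strict=True)
    candidate = (base / name).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise ImportPathError(f"{name!r} resolves outside the import directory")
    return candidate


def classify(import_dir: str, names) -> dict:
    """Return {name: 'accepted' | 'rejected'} for each entry under resolve_safe."""
    verdicts = {}
    for name in names:
        try:
            resolve_safe(import_dir, name)
            verdicts[name] = "accepted"
        except ImportPathError:
            verdicts[name] = "rejected"
    return verdicts


SAMPLE_ENTRIES = [
    "posts/draft1.json",        # legitimate entry
    "../../config/app.json",    # classic traversal
    "/etc/hosts",               # absolute path; the join discards the base
    "posts/\x00evil.json",      # embedded NUL
    "link/secret.txt",          # passes through a symlink planted in the import dir
]


def demo() -> dict:
    """Create a scratch import directory containing a symlink that points outside
    it, classify SAMPLE_ENTRIES, and record where the unsafe resolver would have
    written the absolute-path entry."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside"
        outside.mkdir()
        import_dir = Path(tmp) / "import"
        import_dir.mkdir()
        (import_dir / "link").symlink_to(outside, target_is_directory=True)
        result = classify(str(import_dir), SAMPLE_ENTRIES)
        result["unsafe_target_for_/etc/hosts"] = str(
            resolve_unsafe(str(import_dir), "/etc/hosts")
        )
        return result


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:>10}  {name!r}")
```

The check resolves the import directory as well as the candidate, so a base that is itself reached through a symlink compares correctly, and the symlink case is caught because resolve() follows links in the components that exist at import time. A lexical check alone (stripping "../") would accept "link/secret.txt".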
Security Summary
CVE-2026-30285 is an arbitrary file overwrite vulnerability (CWE-22) in Zora: Post, Trade, Earn Crypto version 2.60.0. Published on 2026-03-31T20:16:26.550, it enables attackers to overwrite critical internal files via the file import process, potentially leading to arbitrary code execution or information exposure. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
Remote attackers can exploit this vulnerability over the network with low attack complexity, without privileges or user interaction, and with unchanged scope. Successful exploitation has high impact on confidentiality, integrity, and availability: overwriting an internal file that the application later loads or executes can yield arbitrary code execution and full compromise of the affected system, and overwriting or exposing internal data can disclose sensitive information.
Advisories and further details are referenced at https://github.com/Secsys-FDU/AF_CVEs/issues/15, https://secsys.fudan.edu.cn/, and https://zora.co/.
Details
- CWE(s): CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected Products: Zora: Post, Trade, Earn Crypto v2.60.0
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The arbitrary file overwrite in a public-facing crypto application (Zora.co) is reachable remotely without authentication (CVSS PR:N), so it maps directly to Exploit Public-Facing Application (T1190).