CVE-2026-30278 | An arbitrary file overwrite vulnerability in FLY is FUN Avia… | CVSS 9.8 CRITICAL

Description

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Metadata

CVE ID: CVE-2026-30278
State: PUBLISHED
Assigner: mitre
Reserved: 2026-03-04 00:00 UTC
Published: 2026-03-31 00:00 UTC
Last updated: 2026-04-02 14:19 UTC
Primary CWE: CWE-22
CWE-22 Improper Limitation of a Pathname to a Restricted Dir…
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-22	adp	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)