File Write Flaws in Docudepot PDF Reader and Stackfield Desktop App
Two newly disclosed vulnerabilities expose users of Docudepot PDF Reader and the Stackfield Desktop App to arbitrary file write attacks that could lead to severe system compromise. CVE-2026-30292 affects Docudepot PDF Reader: PDF Viewer APP version 1.0.34, where a weakness in the file import process allows arbitrary file overwrite of critical internal files. The issue is classified as CWE-73 and carries a CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H score, with reported impact including possible arbitrary code execution and information exposure.
CVE-2026-28373 affects the Stackfield Desktop App before version 1.10.2 on macOS and Windows. The flaw stems from path traversal in decryption functionality that mishandles the filePath property, allowing a malicious export to write arbitrary content to any location on a victim’s filesystem. The vulnerability is tracked as CWE-22 and was assigned CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, reflecting high risk to confidentiality, integrity, and availability when a crafted file is opened.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
MITRE receives CVE-2026-28373 for Stackfield Desktop App path traversal flaw
MITRE received CVE-2026-28373 for a path traversal vulnerability in Stackfield Desktop App before version 1.10.2 on macOS and Windows. The flaw in decryption-related handling of the filePath property could let a malicious export write arbitrary content anywhere on a victim's filesystem.
Docudepot PDF Reader file overwrite vulnerability disclosed as CVE-2026-30292
A vulnerability affecting Docudepot PDF Reader: PDF Viewer APP version 1.0.34 was disclosed, describing an arbitrary file overwrite flaw in the app's file import process that could lead to code execution or information exposure. The CVE record was updated with a CVSS v3.1 vector, CWE-73 classification, and references to vendor and research sources.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Adobe Acrobat Reader Prototype Pollution Flaws Enable Code Execution
Adobe disclosed two high-severity prototype pollution vulnerabilities in **Acrobat Reader** tracked as `CVE-2026-34621` and `CVE-2026-34622`. Both flaws can lead to arbitrary code execution in the context of the current user if a victim opens a malicious file, making user interaction a required condition for exploitation. Adobe classified both issues under `CWE-1321` and assigned CVSS v3.1 vectors indicating high impact to confidentiality, integrity, and availability. `CVE-2026-34621` affects Acrobat Reader versions `24.001.30356`, `26.001.21367`, and earlier, while `CVE-2026-34622` affects versions `26.001.21411`, `24.001.30360`, `24.001.30362`, and earlier. The disclosures indicate the vulnerabilities were reported to Adobe's PSIRT and published with advisory references, signaling that organizations using Acrobat Reader should identify exposed versions and prioritize updates to reduce the risk of malicious document-based compromise.
Apr 23, 2026
Local Code Execution Flaws Disclosed in PDF Explorer and RGui
Two newly cataloged CVEs detail local code execution vulnerabilities in Windows desktop applications **PDF Explorer 1.5.66.2** and **RGui 3.5.0**. **CVE-2018-25217** affects PDF Explorer through a structured exception handler (SEH) overflow in the application's **Custom fields settings** dialog, where malicious data placed in the **Label** field can overwrite SEH records and enable arbitrary code execution. The issue is mapped to `CWE-787` and was published with CVSS v4.0 and v3.1 scoring, alongside references to Exploit-DB, RTT Software, a trial installer, and a VulnCheck advisory. **CVE-2018-25258** affects RGui 3.5.0 through a stack-based buffer overflow in the **GUI preferences** dialog, specifically the **Language for menus and messages** field. The disclosure says an attacker can use SEH-based exploitation to bypass DEP, run a ROP chain that calls `VirtualAlloc`, and achieve arbitrary code execution on the local system. The entry was published with CVSS v4.0 and v3.1 vectors and references to the affected R 3.5.0 Windows binary, Exploit-DB, the R Project website, and a VulnCheck advisory.
Apr 12, 2026
Multiple Adobe Acrobat and Reader Flaws Enable Code Execution and Information Disclosure
German authorities issued security advisories for **Adobe Acrobat DC**, **Acrobat Reader DC**, and **Adobe Acrobat Reader** covering multiple vulnerabilities that could allow **information disclosure** and **arbitrary code execution**. One advisory specifically warned that a flaw in Adobe Acrobat Reader could expose sensitive information and be leveraged for code execution, raising the risk of compromise when users open maliciously crafted PDF files. A follow-up advisory expanded the scope to **multiple vulnerabilities** across Adobe’s Acrobat product line, indicating broader exposure for enterprise and end-user systems that rely on Adobe PDF software. Organizations using affected Adobe applications should prioritize vendor patches and review endpoint protections, as successful exploitation could give attackers access to data or the ability to run code on targeted systems.
Apr 15, 2026