{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33330", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T21:23:36.678Z", "datePublished": "2026-03-24T19:15:03.367Z", "dateUpdated": "2026-03-24T20:07:58.035Z"}, "containers": {"cna": {"title": "FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3"}, {"name": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c", "tags": ["x_refsource_MISC"], "url": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c"}, {"name": "https://github.com/error311/FileRise/releases/tag/v3.10.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/error311/FileRise/releases/tag/v3.10.0"}], "affected": [{"vendor": "error311", "product": "FileRise", "versions": [{"version": "< 3.10.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T19:15:03.367Z"}, "descriptions": [{"lang": "en", "value": "FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0."}], "source": {"advisory": "GHSA-6c3j-f4x4-36m3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T19:58:39.128918Z", "id": "CVE-2026-33330", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:07:58.035Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33330", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T19:58:39.128918Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:06:41.844Z"}}], "cna": {"title": "FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback", "source": {"advisory": "GHSA-6c3j-f4x4-36m3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "error311", "product": "FileRise", "versions": [{"status": "affected", "version": "< 3.10.0"}]}], "references": [{"url": "https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3", "name": "https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c", "name": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/error311/FileRise/releases/tag/v3.10.0", "name": "https://github.com/error311/FileRise/releases/tag/v3.10.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T19:15:03.367Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33330", "state": "PUBLISHED", "dateUpdated": "2026-03-24T20:07:58.035Z", "dateReserved": "2026-03-18T21:23:36.678Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-24T19:15:03.367Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B339ADF-A894-4CDC-9253-2FCD475FB12F", "versionEndExcluding": "3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0."}], "id": "CVE-2026-33330", "lastModified": "2026-03-26T11:58:39.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T20:16:28.387", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/error311/FileRise/releases/tag/v3.10.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.10.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FileRise", "source": "cna", "vendor": "error311"}, "product": "filerise", "vendor": "error311"}], "analysis": {"en": {"generated_at": "2026-03-26T14:58:12.675693+00:00", "value": {"mitigation_remediation": ["Upgrade FileRise to version 3.10.0 or newer where the flaw is fixed", "Confirm that ONLYOFFICE integration is correctly configured and that signed callback URLs are validated on the server side", "Monitor logs for attempted save callback operations and block suspicious activity"], "summary": {"action": "Patch immediately", "impact": "Unauthorized modification of files through forged ONLYOFFICE callbacks"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the FileRise self\u2011hosted web file manager and WebDAV server. All releases prior to version 3.10.0 are vulnerable. Only the versions after the 3.10.0 release have applied the patch that eliminates the flaw.", "description_and_impact": "FileRise exposes a broken access control flaw in its ONLYOFFICE integration that allows an authenticated user with read\u2011only permissions to retrieve a signed save callback URL for any file the user can view. An attacker can then forge this callback and force the server to overwrite the target file with content controlled by the attacker. This results in a loss of integrity for the affected file and could enable further compromise if the overwritten content references or embeds malicious payloads. The vulnerability is exemplified by CWE\u2011863, which indicates missing or inadequate access checks during critical operations.", "risk_and_exploitability": "The CVSS score of 7.1 classifies the issue as high severity, but the EPSS value of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack scenario requires the attacker to be logged in with read\u2011only privileges and to manipulate a signed callback URL, so the presumed attack vector is authenticated remote exploitation. Even with the low EPSS, the potential for file corruption or further lateral movement warrants prompt attention."}}}}, "created": "2026-03-25T11:46:19.624604+00:00", "updated": "2026-03-27T09:20:39.233997+00:00", "vendors": ["error311", "error311$PRODUCT$filerise"]}