{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33645", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T15:23:42.217Z", "datePublished": "2026-03-26T20:58:21.521Z", "dateUpdated": "2026-03-27T20:01:09.752Z"}, "containers": {"cna": {"title": "Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7"}, {"name": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2"}], "affected": [{"vendor": "ShaneIsrael", "product": "fireshare", "versions": [{"version": "= 1.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T20:58:21.521Z"}, "descriptions": [{"lang": "en", "value": "Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare\u2019s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue."}], "source": {"advisory": "GHSA-7q8r-vpq3-89m7", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:30:41.472712Z", "id": "CVE-2026-33645", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:01:09.752Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33645", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T14:30:41.472712Z"}}}], "references": [{"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:30:50.933Z"}}], "cna": {"title": "Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`", "source": {"advisory": "GHSA-7q8r-vpq3-89m7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ShaneIsrael", "product": "fireshare", "versions": [{"status": "affected", "version": "= 1.5.2"}]}], "references": [{"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "name": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2", "name": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare\u2019s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T20:58:21.521Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33645", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:01:09.752Z", "dateReserved": "2026-03-23T15:23:42.217Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T20:58:21.521Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shaneisrael:fireshare:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "30F3F40C-460E-4042-8663-36E9994D325C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare\u2019s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue."}, {"lang": "es", "value": "Fireshare facilita el intercambio de medios y enlaces autoalojados. En la versi\u00f3n 1.5.1, una vulnerabilidad de salto de ruta autenticado en el endpoint de carga por fragmentos de Fireshare permite a un atacante escribir archivos arbitrarios fuera del directorio de carga previsto. El campo multipart 'checkSum' se utiliza directamente en la construcci\u00f3n de rutas del sistema de archivos sin saneamiento ni comprobaciones de contenci\u00f3n. Esto permite escrituras de archivos no autorizadas en rutas elegidas por el atacante que son escribibles por el proceso de Fireshare (por ejemplo, el contenedor '/tmp'), violando la integridad y potencialmente habilitando ataques posteriores dependiendo del despliegue. La versi\u00f3n 1.5.2 corrige el problema."}], "id": "CVE-2026-33645", "lastModified": "2026-03-30T18:12:01.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T21:17:07.940", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"], "url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.5.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "fireshare", "source": "cna", "vendor": "ShaneIsrael"}, "product": "fireshare", "vendor": "shaneisrael"}], "analysis": {"en": {"generated_at": "2026-03-30T19:28:16.270786+00:00", "value": {"mitigation_remediation": ["Upgrade Fireshare to version\u202f1.5.2 or later, which sanitizes the upload path.", "If an upgrade is not immediately possible, restrict authentication to the `/api/uploadChunked` endpoint or disable the endpoint entirely.", "Ensure the filesystem permissions of the application\u2019s upload directory and the broader environment do not allow arbitrary writes to sensitive locations.", "Monitor the file system for unexpected new files or modifications in directories that should not be writable by the application."], "summary": {"action": "Immediate Patch", "impact": "Untrusted file write leading to integrity compromise"}, "threat_synthesis": {"affected_systems": "The affected product is Fireshare by ShaneIsrael, version 1.5.1. All installations running this exact version are vulnerable. The vulnerability was fixed in release 1.5.2; no other versions are listed as affected.", "description_and_impact": "Fireshare 1.5.1 contains an authenticated path\u2011traversal flaw in its chunked upload endpoint. The checkSum multipart field is concatenated directly into a filesystem path without sanitization, allowing a logged\u2011in user to write files to arbitrary locations that the Fireshare process can reach, such as /tmp in a container. This can be used to overwrite configuration files, deploy malicious scripts or binaries, and ultimately break the integrity of the deployment. The vulnerability itself does not grant remote code execution directly but it provides a vehicle for follow\u2011on attacks if attacker code is placed in a web\u2011executable location.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity due to the potential for destructive writes and subsequent exploitation. The EPSS score of less than 1\u202f% suggests that the probability of public exploitation is currently low. The issue is not listed in CISA\u2019s KEV catalog. Because the exploit requires authentication, the attack vector is likely internal or requires an attacker already able to reach the application. If privileged file permissions exist, an attacker who can write to sensitive paths could gain local code execution or other privilege escalation."}}}}, "created": "2026-03-27T08:31:53.152878+00:00", "updated": "2026-03-30T20:57:24.351870+00:00", "vendors": ["shaneisrael", "shaneisrael$PRODUCT$fireshare"]}