CVE-2026-33645

Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2	Release Notes
https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7	Vendor Advisory
https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:shaneisrael:fireshare:1.5.1:*:*:*:*:*:*:*

History

30 Mar 2026, 18:12

Type	Values Removed	Values Added
CPE		cpe:2.3:a:shaneisrael:fireshare:1.5.1:::::::*
References	~~() https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2 -~~	() https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2 - Release Notes
References	~~() https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7 -~~	() https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7 - Vendor Advisory
First Time		Shaneisrael Shaneisrael fireshare

Information

Published : 2026-03-26 21:17

Updated : 2026-03-30 18:12

NVD link : CVE-2026-33645

Mitre link : CVE-2026-33645

CVE.ORG link : CVE-2026-33645

JSON object : View

Products Affected

shaneisrael

fireshare

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-73

External Control of File Name or Path

{"id": "CVE-2026-33645", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-03-26T21:17:07.940", "references": [{"url": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare\u2019s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue."}, {"lang": "es", "value": "Fireshare facilita el intercambio de medios y enlaces autoalojados. En la versi\u00f3n 1.5.1, una vulnerabilidad de salto de ruta autenticado en el endpoint de carga por fragmentos de Fireshare permite a un atacante escribir archivos arbitrarios fuera del directorio de carga previsto. El campo multipart 'checkSum' se utiliza directamente en la construcci\u00f3n de rutas del sistema de archivos sin saneamiento ni comprobaciones de contenci\u00f3n. Esto permite escrituras de archivos no autorizadas en rutas elegidas por el atacante que son escribibles por el proceso de Fireshare (por ejemplo, el contenedor '/tmp'), violando la integridad y potencialmente habilitando ataques posteriores dependiendo del despliegue. La versi\u00f3n 1.5.2 corrige el problema."}], "lastModified": "2026-03-30T18:12:01.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shaneisrael:fireshare:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30F3F40C-460E-4042-8663-36E9994D325C"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}