{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33645", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T15:23:42.217Z", "datePublished": "2026-03-26T20:58:21.521Z", "dateUpdated": "2026-03-27T20:01:09.752Z"}, "containers": {"cna": {"title": "Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7"}, {"name": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2"}], "affected": [{"vendor": "ShaneIsrael", "product": "fireshare", "versions": [{"version": "= 1.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T20:58:21.521Z"}, "descriptions": [{"lang": "en", "value": "Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare\u2019s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue."}], "source": {"advisory": "GHSA-7q8r-vpq3-89m7", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:30:41.472712Z", "id": "CVE-2026-33645", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:01:09.752Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33645", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T14:30:41.472712Z"}}}], "references": [{"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:30:50.933Z"}}], "cna": {"title": "Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`", "source": {"advisory": "GHSA-7q8r-vpq3-89m7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ShaneIsrael", "product": "fireshare", "versions": [{"status": "affected", "version": "= 1.5.2"}]}], "references": [{"url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "name": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2", "name": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare\u2019s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T20:58:21.521Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33645", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:01:09.752Z", "dateReserved": "2026-03-23T15:23:42.217Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T20:58:21.521Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shaneisrael:fireshare:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "30F3F40C-460E-4042-8663-36E9994D325C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare\u2019s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue."}, {"lang": "es", "value": "Fireshare facilita el intercambio de medios y enlaces autoalojados. En la versi\u00f3n 1.5.1, una vulnerabilidad de salto de ruta autenticado en el endpoint de carga por fragmentos de Fireshare permite a un atacante escribir archivos arbitrarios fuera del directorio de carga previsto. El campo multipart 'checkSum' se utiliza directamente en la construcci\u00f3n de rutas del sistema de archivos sin saneamiento ni comprobaciones de contenci\u00f3n. Esto permite escrituras de archivos no autorizadas en rutas elegidas por el atacante que son escribibles por el proceso de Fireshare (por ejemplo, el contenedor '/tmp'), violando la integridad y potencialmente habilitando ataques posteriores dependiendo del despliegue. La versi\u00f3n 1.5.2 corrige el problema."}], "id": "CVE-2026-33645", "lastModified": "2026-03-30T18:12:01.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T21:17:07.940", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.2"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"], "url": "https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-7q8r-vpq3-89m7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.5.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "fireshare", "source": "cna", "vendor": "ShaneIsrael"}, "product": "fireshare", "vendor": "shaneisrael"}], "analysis": {"en": {"generated_at": "2026-03-26T22:23:39.157106+00:00", "value": {"mitigation_remediation": ["Upgrade Fireshare to version 1.5.2 or later", "If an upgrade is unavailable, restrict the permissions of the Fireshare process so that it cannot write to unintended directories"], "summary": {"action": "Apply Patch", "impact": "Integrity compromise via arbitrary file write"}, "threat_synthesis": {"affected_systems": "The vulnerability affects ShaneIsrael's Fireshare product, specifically version 1.5.1. The release notes for version 1.5.2 contain a fix that removes the unsanitized path construction. Users running version 1.5.1 or earlier are at risk.", "description_and_impact": "Fireshare allows an attacker who can authenticate to the system to craft a multipart request to the /api/uploadChunked endpoint that contains a \"checkSum\" field. The value of this field is concatenated directly into a filesystem path without any sanitization or containment checks, enabling a path traversal attack that writes an arbitrary file to any location writable by the Fireshare process. This breach of file system integrity can lead to placement of malicious executables, configuration manipulation, or other follow\u2011on attacks depending on how the application and host system are configured.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high impact severity, and while no EPSS score is available, the lack of exploitation evidence suggests moderate to high risk for compromised accounts. The vulnerability is not listed in CISA\u2019s KEV catalog, implying it has not yet become a widely known exploit. Attackers require authenticated access to the Fireshare service to send the malicious payload, but once authenticated, they can deploy arbitrary files to writable locations such as /tmp in a container environment, potentially enabling file execution or persistent compromise."}}}}, "created": "2026-03-27T08:31:53.152878+00:00", "updated": "2026-03-27T09:23:20.460810+00:00", "vendors": ["shaneisrael", "shaneisrael$PRODUCT$fireshare"]}