CVE-2026-25231

High CVSS: 7.5

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.

Vendor

Filerise

Product

Filerise

CWE

CWE-284

Yayın Tarihi

2026-02-09 20:15:56

Güncelleme

2026-02-19 19:31:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Filerise HIGH Filerise 2026

Referanslar

https://github.com/error311/FileRise/releases/tag/v3.3.0 https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr

Benzer Kayıtlar

Medium

CVE-2026-33477

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.…

High

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableId…

High

CVE-2026-33330

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in Fi…

Low

CVE-2026-33070

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnera…

Medium

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accep…

High

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption k…