CVE-2026-34745

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H                                    

Vulnerability Description

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.

Vulnerability Details

Published Date

April 02, 2026

Last Modified

April 03, 2026

CWE ID

CWE-22

Source

NVD

Vendor

ShaneIsrael

Product

fireshare

External References

https://github.com/ShaneIsrael/fireshare/commit/b76915607924756e6fa1a5f6c8823c38d611fb24
https://github.com/ShaneIsrael/fireshare/pull/520
https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.3
https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-fvvp-rj8g-c7gc

CVE-2026-34745

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment