Description
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
Published: 2026-03-06
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to private files
Action: Apply patch
AI Analysis

Impact

Flare, a Next.js‑based file sharing platform, allowed any authenticated user who knew a private file’s URL to retrieve that file through its raw and direct endpoints before version 1.7.2. This missing ownership check is an IDOR flaw (CWE‑639) that enables attackers to read private data they do not own, thereby breaching confidentiality.

Affected Systems

The affected product is FlintSH’s Flare file sharing platform. All versions prior to 1.7.2 are vulnerable because the raw and direct file routes only block unauthenticated users, not other authenticated users. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score is 6, indicating moderate severity, while the EPSS score is below 1 %, implying that exploitation is currently unlikely but not impossible. The vulnerability is not in CISA’s KEV catalog. An attacker must first be authenticated and obtain the file’s URL; no privileged access or additional conditions are required. The overall risk to an organization depends on user roles and the sensitivity of the stored files, but the exploitation likelihood remains low.

Generated by OpenCVE AI on April 17, 2026 at 12:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Flare 1.7.2 or later
  • Restrict access to raw and direct endpoints to authenticated users only and monitor for unauthorized file access
  • Implement monitoring for anomalous file access patterns

Generated by OpenCVE AI on April 17, 2026 at 12:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:flintsh:flare:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Mon, 09 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Flintsh
Flintsh flare
Vendors & Products Flintsh
Flintsh flare

Sat, 07 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Moderate

Fri, 06 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Description Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
Title Flare: Private File IDOR via raw/direct endpoints
Weaknesses CWE-639
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Flintsh Flare
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T20:54:28.901Z

Reserved: 2026-03-04T17:23:59.798Z

Link: CVE-2026-30231

cve-icon Vulnrichment

Updated: 2026-03-09T20:47:32.329Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-06T21:16:17.223

Modified: 2026-04-09T20:21:57.980

Link: CVE-2026-30231

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-06T21:10:41Z

Links: CVE-2026-30231 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T12:30:06Z

Weaknesses