Description
FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0.
Published: 2026-03-24
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized modification of files through forged ONLYOFFICE callbacks
Action: Patch immediately
AI Analysis

Impact

FileRise's ONLYOFFICE integration contains a broken access control flaw (CWE-863, Incorrect Authorization). An authenticated user who holds only read permission on a file can still obtain the signed save callbackUrl that the integration issues for the editor session, and the save endpoint does not re-check whether that user may write the file. The attacker can therefore send a forged ONLYOFFICE save callback directly to the server, bypassing the Document Server entirely, and have the target file overwritten with attacker-supplied content. The direct result is loss of integrity for any file a read-only user can open; where the overwritten file is a shared document, the attacker-controlled content (for example embedded links or macros) may then be served to other users who open it.
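The flow above, reduced to a runnable model: a signed callbackUrl is minted for an editor session, and a save handler verifies the signature. This is an added illustration, not FileRise's code; the HMAC scheme, the function names (issue_callback_url, save_callback_vulnerable, save_callback_fixed, forge_attack), the user roles, the in-memory file store and the stand-in for the Document Server's download cache are all assumptions. The ONLYOFFICE callback body shape (a JSON object with a status code and a download url) follows the Document Server's documented callback; everything else is constructed.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"assumed-server-side-hmac-key"   # stand-in for the application's signing key

# Constructed state: per-user role, and a stand-in for the Document Server's
# download cache (the callback's "url" field normally points there).
PERMS = {"alice": "write", "bob": "read"}
DOCSERVER_CACHE = {"https://docserver.example/cache/1": b"attacker-controlled content"}


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_callback_url(user: str, path: str, files: dict, ttl: int = 3600) -> str:
    """Mint the signed save callbackUrl placed in the editor config.
    Vulnerable pattern: every user who may *open* the file receives one,
    so a read-only user can harvest it from the editor page."""
    if user not in PERMS or path not in files:
        raise PermissionError("no access")
    params = {"user": user, "path": path, "exp": int(time.time()) + ttl}
    payload = urlencode(sorted(params.items()))
    return f"https://filerise.example/api/onlyoffice/save?{payload}&sig={_sign(payload)}"


def issue_callback_url_fixed(user: str, path: str, files: dict, ttl: int = 3600):
    """Issuance-side fix (assumed): only sessions with write permission get a
    save callbackUrl; a read-only session gets none (editor in view mode)."""
    if PERMS.get(user) != "write":
        return None
    return issue_callback_url(user, path, files, ttl)


def _verify(url: str) -> dict:
    """Check the HMAC and expiry on a callbackUrl; return its parameters."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    sig = params.pop("sig", "")
    payload = urlencode(sorted(params.items()))
    if not hmac.compare_digest(sig, _sign(payload)):
        raise PermissionError("bad signature")
    if int(params["exp"]) < time.time():
        raise PermissionError("expired")
    return params


def save_callback_vulnerable(url: str, body: dict, files: dict) -> dict:
    """A valid signature is treated as authorization: no write check."""
    params = _verify(url)
    if body.get("status") in (2, 6):   # ONLYOFFICE: 2 = ready for saving, 6 = force-save
        files[params["path"]] = DOCSERVER_CACHE[body["url"]]
    return {"error": 0}


def save_callback_fixed(url: str, body: dict, files: dict) -> dict:
    """Save-side fix: re-check that the session's user may write the file
    at save time, independent of the signature."""
    params = _verify(url)
    if PERMS.get(params["user"]) != "write":
        raise PermissionError("read-only session cannot save")
    if body.get("status") in (2, 6):
        files[params["path"]] = DOCSERVER_CACHE[body["url"]]
    return {"error": 0}


def forge_attack(handler) -> bytes:
    """Read-only 'bob' opens the file, keeps the signed URL, then POSTs a
    fabricated status-2 callback straight to it (no Document Server involved).
    Returns the file's bytes afterwards."""
    files = {"docs/report.docx": b"original contents"}
    url = issue_callback_url("bob", "docs/report.docx", files)
    forged = {"key": "any", "status": 2, "url": "https://docserver.example/cache/1"}
    try:
        handler(url, forged, files)
    except PermissionError:
        pass
    return files["docs/report.docx"]
```

Run forge_attack with each handler: the vulnerable one returns the attacker's bytes, the fixed one leaves the original in place. Both fixes belong together: refusing to mint a save URL for read-only sessions closes the harvesting step, and re-checking permission at save time means a leaked or replayed URL cannot authorize a write on its own.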

Affected Systems

The vulnerability affects the FileRise self-hosted web file manager and WebDAV server (CPE cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*). All releases prior to 3.10.0 are vulnerable; version 3.10.0 and later contain the fix.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N, score 7.1 High) describes a network-reachable attack of low complexity that needs only low-privileged credentials, here any read-only account, and no user interaction, with high integrity impact. The EPSS value below 1% indicates a low probability of exploitation in the wild, the issue is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: poc and Automatable: no, so a proof of concept exists but mass exploitation is not expected. Because any read-only user can silently overwrite files they can open, instances that grant accounts to untrusted or low-trust users should patch promptly.

Generated by OpenCVE AI on March 26, 2026 at 14:58 UTC.

Remediation

The vendor fix is FileRise 3.10.0, as stated in the description; no separate workaround is documented on this page.

OpenCVE Recommended Actions

  • Upgrade FileRise to version 3.10.0 or newer where the flaw is fixed
  • Confirm that the ONLYOFFICE save endpoint re-checks the session user's write permission on the target file at save time instead of treating a valid signature on the callbackUrl as authorization, and that save callbackUrls are only issued to sessions with write access
  • Monitor logs for save callback requests that do not originate from the ONLYOFFICE Document Server, or that are bound to a read-only session, and block the source
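One way to act on the monitoring item above, as an added example rather than anything shipped with FileRise or OpenCVE: scan web server access logs for POSTs to the save callback endpoint and flag those whose source address is not the Document Server or whose callbackUrl is bound to a read-only user. The log format, the endpoint path /api/onlyoffice/save, the Document Server network range and the sample lines are constructed for illustration; adapt the regex and constants to the real deployment.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

DOCSERVER_NETS = [ipaddress.ip_network("10.0.5.0/24")]  # assumed: where the Document Server runs
CALLBACK_PATH = "/api/onlyoffice/save"                   # assumed endpoint path

# Constructed access-log lines (common log format). The first is a normal
# callback from the Document Server; the second is a forged callback sent
# straight from a read-only user's workstation; the third is unrelated.
SAMPLE_LOG = """\
10.0.5.17 - - [24/Mar/2026:10:01:02 +0000] "POST /api/onlyoffice/save?user=alice&path=docs%2Freport.docx&sig=ab12 HTTP/1.1" 200 12
203.0.113.9 - bob [24/Mar/2026:10:03:44 +0000] "POST /api/onlyoffice/save?user=bob&path=docs%2Freport.docx&sig=cd34 HTTP/1.1" 200 12
203.0.113.9 - bob [24/Mar/2026:10:03:50 +0000] "GET /api/files/list HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+)'
)


def suspicious_callbacks(log_text: str, roles: dict) -> list:
    """Return one finding per save-callback POST that fails either check.
    `roles` maps username -> "read" | "write" (constructed for the example)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        split = urlsplit(m["path"])
        if split.path != CALLBACK_PATH:
            continue
        reasons = []
        ip = ipaddress.ip_address(m["ip"])
        if not any(ip in net for net in DOCSERVER_NETS):
            reasons.append("source is not the Document Server")
        session_user = parse_qs(split.query).get("user", [""])[0]
        if roles.get(session_user) == "read":
            reasons.append(f"callbackUrl bound to read-only user {session_user}")
        if reasons:
            findings.append({"ip": str(ip), "ts": m["ts"], "user": session_user, "reasons": reasons})
    return findings
```

The source-address check is the one that needs no knowledge of the application: a genuine save callback is issued by the Document Server, so a callback arriving from anywhere else is a forgery by construction. The role check catches the case this CVE describes even when the attacker routes the request through a permitted address.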


Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Filerise; Filerise filerise
CPEs                 -                cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*
Vendors & Products   -                Filerise; Filerise filerise

Wed, 25 Mar 2026 12:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Error311; Error311 filerise
Vendors & Products   -                Error311; Error311 filerise

Tue, 24 Mar 2026 20:15:00 +0000

Type     Values Removed   Values Added
Metrics  -                ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 19:30:00 +0000

Type         Values Removed   Values Added
Description  -                FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0.
Title        -                FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback
Weaknesses   -                CWE-863
References   -                -
Metrics      -                cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-24T20:07:58.035Z

Reserved: 2026-03-18T21:23:36.678Z

Link: CVE-2026-33330

Vulnrichment

Updated: 2026-03-24T20:06:41.844Z

NVD

Status : Analyzed

Published: 2026-03-24T20:16:28.387

Modified: 2026-03-26T11:58:39.460

Link: CVE-2026-33330

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:20:39Z

Weaknesses