Description
Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue.
Published: 2026-03-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Untrusted file write leading to integrity compromise
Action: Immediate Patch
AI Analysis

Impact

Fireshare 1.5.1 contains an authenticated path‑traversal flaw in its chunked upload endpoint. The checkSum multipart field is concatenated directly into a filesystem path without sanitization, allowing a logged‑in user to write files to arbitrary locations that the Fireshare process can reach, such as /tmp in a container. This can be used to overwrite configuration files, deploy malicious scripts or binaries, and ultimately break the integrity of the deployment. The vulnerability itself does not grant remote code execution directly but it provides a vehicle for follow‑on attacks if attacker code is placed in a web‑executable location.

Affected Systems

The affected product is Fireshare by ShaneIsrael, version 1.5.1. All installations running this exact version are vulnerable. The vulnerability was fixed in release 1.5.2; no other versions are listed as affected.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity due to the potential for destructive writes and subsequent exploitation. The EPSS score of less than 1 % suggests that the probability of public exploitation is currently low. The issue is not listed in CISA’s KEV catalog. Because the exploit requires authentication, the attack vector is likely internal or requires an attacker already able to reach the application. If privileged file permissions exist, an attacker who can write to sensitive paths could gain local code execution or other privilege escalation.

Generated by OpenCVE AI on March 30, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Fireshare to version 1.5.2 or later, which sanitizes the upload path.
  • If an upgrade is not immediately possible, restrict authentication to the `/api/uploadChunked` endpoint or disable the endpoint entirely.
  • Ensure the filesystem permissions of the application’s upload directory and the broader environment do not allow arbitrary writes to sensitive locations.
  • Monitor the file system for unexpected new files or modifications in directories that should not be writable by the application.

Generated by OpenCVE AI on March 30, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:shaneisrael:fireshare:1.5.1:*:*:*:*:*:*:*

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Shaneisrael
Shaneisrael fireshare
Vendors & Products Shaneisrael
Shaneisrael fireshare

Thu, 26 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Description Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue.
Title Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`
Weaknesses CWE-22
CWE-73
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}

Subscriptions

Shaneisrael Fireshare
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T20:01:09.752Z

Reserved: 2026-03-23T15:23:42.217Z

Link: CVE-2026-33645

cve-icon Vulnrichment

Updated: 2026-03-27T14:30:50.933Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T21:17:07.940

Modified: 2026-03-30T18:12:01.663

Link: CVE-2026-33645

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T20:57:24Z

Weaknesses