Description
Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue.
Published: 2026-03-26
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: Integrity compromise via arbitrary file write
Action: Apply Patch
AI Analysis

Impact

Fireshare allows an attacker who can authenticate to the system to craft a multipart request to the /api/uploadChunked endpoint that contains a "checkSum" field. The value of this field is concatenated directly into a filesystem path without any sanitization or containment checks, enabling a path traversal attack that writes an arbitrary file to any location writable by the Fireshare process. This breach of file system integrity can lead to placement of malicious executables, configuration manipulation, or other follow‑on attacks depending on how the application and host system are configured.
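The path-construction flaw described above, as an added example written for this page in Python; it is not Fireshare's own source. The upload directory, the function names and the assumption that a well-formed `checkSum` is a 64-character hex digest are all assumptions made here. The block places the unsafe join the advisory describes beside a hardened version that allow-lists the field's format and then re-checks containment on the symlink-resolved path, and includes a containment test that uses `os.path.commonpath` rather than a string-prefix comparison.

```python
"""Added illustrative example (not Fireshare's code): the checkSum path
flaw as the advisory describes it, beside a hardened version.
Every name and path below is an assumption made for this page."""
import os
import re
import tempfile
from pathlib import Path

# Hypothetical upload directory; the real Fireshare layout is not shown on this page.
UPLOAD_DIR = "/srv/fireshare/uploads"


def vulnerable_chunk_path(upload_dir: str, check_sum: str) -> str:
    """The pattern the advisory describes: the client-supplied multipart
    field is joined straight into the path.  os.path.join honours '..'
    segments and discards upload_dir entirely when check_sum is absolute."""
    return os.path.normpath(os.path.join(upload_dir, check_sum))


def escapes_upload_dir(upload_dir: str, candidate: str) -> bool:
    """True when candidate lies outside upload_dir.  Uses commonpath, not a
    string-prefix test, so '/srv/fireshare/uploads-evil' is not mistaken
    for a child of '/srv/fireshare/uploads'."""
    base = os.path.normpath(os.path.abspath(upload_dir))
    target = os.path.normpath(os.path.abspath(candidate))
    return os.path.commonpath([base, target]) != base


# Hardened version: allow-list the field's format first, then re-check
# containment on the resolved path.
HEX_SHA256 = re.compile(r"[0-9a-f]{64}")  # assumed digest format


class UnsafeCheckSum(ValueError):
    """Raised when checkSum is not a bare hex digest that lands inside upload_dir."""


def safe_chunk_path(upload_dir: str, check_sum: str) -> Path:
    if not HEX_SHA256.fullmatch(check_sum):
        raise UnsafeCheckSum("checkSum must be a 64-character lowercase hex digest")
    base = Path(upload_dir).resolve()
    target = (base / check_sum).resolve()
    # Defence in depth: even a value that passes the regex must end up as a
    # direct child of the resolved base (also covers a symlinked base).
    if target.parent != base:
        raise UnsafeCheckSum("checkSum resolves outside the upload directory")
    return target


def is_safe_check_sum(upload_dir: str, check_sum: str) -> bool:
    try:
        safe_chunk_path(upload_dir, check_sum)
        return True
    except UnsafeCheckSum:
        return False


def write_chunk(upload_dir: str, check_sum: str, data: bytes) -> Path:
    """What a fixed handler would do: validate first, then write only inside base."""
    target = safe_chunk_path(upload_dir, check_sum)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def demo_roundtrip() -> bool:
    """Write one chunk into a scratch directory and confirm it stayed inside it."""
    with tempfile.TemporaryDirectory() as scratch:
        digest = "ab" * 32  # constructed stand-in for a real SHA-256 digest
        path = write_chunk(scratch, digest, b"chunk-bytes")
        return path.read_bytes() == b"chunk-bytes" and path.parent == Path(scratch).resolve()


if __name__ == "__main__":
    # Constructed field values illustrating the input class; not from any real request.
    for field in ["../../../tmp/evil.sh", "/etc/cron.d/job", "ab" * 32]:
        vuln = vulnerable_chunk_path(UPLOAD_DIR, field)
        print(f"{field!r:28} -> {vuln:28} escapes={escapes_upload_dir(UPLOAD_DIR, vuln)} "
              f"accepted_by_fix={is_safe_check_sum(UPLOAD_DIR, field)}")
    print("roundtrip ok:", demo_roundtrip())
```

Two details matter in the hardened path: the format allow-list alone would be enough for a hex digest, but the containment check after `resolve()` is what protects you if the field's format ever loosens or the upload directory is itself a symlink, and the `commonpath` comparison avoids the classic bug where a sibling directory whose name starts with the base path passes a `startswith` check.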

Affected Systems

The vulnerability affects ShaneIsrael's Fireshare, version 1.5.1, the only version the advisory names. Version 1.5.2 fixes the issue by removing the unsanitized path construction. The advisory does not say whether earlier releases share the flaw, so treat any deployment older than 1.5.2 as unpatched until verified.

Risk and Exploitability

The CVSS 3.1 base score of 7.1 (High) reflects a network-reachable, low-complexity attack that needs only a low-privilege account and no user interaction (AV:N/AC:L/PR:L/UI:N), with high integrity impact, low availability impact and no confidentiality impact (C:N/I:H/A:L). No EPSS score is available yet, and the CVE is not in CISA's KEV catalog, which means no in-the-wild exploitation has been confirmed there, not that exploitation is impractical. An attacker needs valid Fireshare credentials to send the malicious request; once authenticated, they can write files to any location the Fireshare process can write to, such as /tmp in a container, potentially enabling file execution or persistent compromise depending on the deployment.

Generated by OpenCVE AI on March 26, 2026 at 22:23 UTC.

Remediation

Vendor fix: upgrade to Fireshare 1.5.2, which removes the unsanitized path construction. No vendor workaround for 1.5.1 is listed.

OpenCVE Recommended Actions

  • Upgrade Fireshare to version 1.5.2 or later
  • If an upgrade is not immediately possible, run the Fireshare process with the least write access it needs (for example a read-only root filesystem with a dedicated writable upload volume) so that a traversal cannot reach executable or configuration locations, and tighten who can hold an account, since the attack requires authentication


Tracking


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Shaneisrael
                                      Shaneisrael fireshare
Vendors & Products                    Shaneisrael
                                      Shaneisrael fireshare

Thu, 26 Mar 2026 21:15:00 +0000

Type          Values Removed   Values Added
Description                    Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue.
Title                          Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`
Weaknesses                     CWE-22
                               CWE-73
References
Metrics                        cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T20:58:21.521Z

Reserved: 2026-03-23T15:23:42.217Z

Link: CVE-2026-33645

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-26T21:17:07.940

Modified: 2026-03-26T21:17:07.940

Link: CVE-2026-33645

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:23:20Z

Weaknesses