CVE-2026-33330

Published: Mar 24, 2026 Last Modified: Mar 24, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: high

Availability: none

Description

AI Translation Available

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0.

863

Incorrect Authorization

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Availability

Potential Impacts:

Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Bypass Protection Mechanism Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

Technologies: Database Server, Not Technology-Specific, Web Server

Likelihood of Exploit: High

View CWE Details

https://github.com/error311/FileRise/commit/3871f9fd1661688…

https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf5…

https://github.com/error311/FileRise/releases/tag/v3.10.0

https://github.com/error311/FileRise/security/advisories/GH…

https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3

CVE-2026-33330

Description

Incorrect Authorization

Common Consequences

Applicable Platforms

Iscriviti alla newsletter