Description

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to shared file access. The POST /api/file/deleteShareLink.php endpoint calls FileController::deleteShareLink() which performs no authentication, authorization, or CSRF validation before deleting a share link. Any anonymous HTTP client can destroy share links. This issue is fixed in version 3.8.0.

INFO

Published Date :

2026-03-20T08:25:07.081Z

Last Modified :

2026-03-25T13:49:07.436Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33070 vulnerability.

Vendors Products
Error311
  • Filerise
Filerise
  • Filerise
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33070.

URL Resource
https://github.com/error311/FileRise/releases/tag/v3.8.0 cve-icon cve-icon
https://github.com/error311/FileRise/security/advisories/GHSA-vh5m-w36c-99xv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact