Description

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.

INFO

Published Date :

2026-04-02T18:38:17.626Z

Last Modified :

2026-04-02T19:15:43.377Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34745 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34745.

URL Resource
https://github.com/ShaneIsrael/fireshare/commit/b76915607924756e6fa1a5f6c8823c38d611fb24 cve-icon cve-icon
https://github.com/ShaneIsrael/fireshare/pull/520 cve-icon cve-icon
https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.3 cve-icon cve-icon
https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-fvvp-rj8g-c7gc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact