Executive Summary

CVE-2026-33477 is a server-side authorization flaw in the FileRise web-based file manager affecting versions 2.3.7 through 3.10.0. The vulnerability exists in the file snippet endpoint `/api/file/snippet.php`, which allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder.

The root cause is that the snippet endpoint checks folder-level permissions but fails to enforce a per-file ownership check when access is granted solely via `read_own`. This means users with limited read permissions can access snippet previews of files they do not own, violating user isolation.

This flaw is limited to snippet content exposure and does not allow full file download or modification. The issue was fixed in FileRise version 3.11.0 by enforcing per-file ownership checks consistent with other file access paths.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to a confidentiality breach by allowing users with only `read_own` folder permissions to access snippet content from files uploaded by other users within the same folder.

Although it does not allow full file downloads or modifications, unauthorized users can view partial content previews of confidential documents, potentially exposing sensitive information.

The impact is limited to confidentiality and does not affect file integrity or availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing the /api/file/snippet.php endpoint with an authenticated user account that has only read_own permissions on a folder. If the user can retrieve snippet content from files uploaded by other users in the same folder, the vulnerability is present.

A practical detection method is to perform an API request as a low-privilege user to the snippet endpoint for files not owned by that user and observe if snippet content is returned.

Example command using curl (replace placeholders accordingly):

• curl -i -H "Authorization: Bearer <user_token_with_read_own>" "https://<filerise_host>/api/file/snippet.php?file=<file_id_of_other_user>"

If the response contains snippet content from files not owned by the authenticated user, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade FileRise to version 3.11.0 or later, where this vulnerability is fixed by enforcing per-file ownership checks on the snippet endpoint.

If upgrading immediately is not possible, restrict access to the /api/file/snippet.php endpoint to trusted users only or disable the snippet preview feature temporarily to prevent unauthorized snippet retrieval.

Additionally, review and tighten folder permissions to minimize the number of users with read_own access until the patch can be applied.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows users with limited read_own permissions to access snippet content from files uploaded by other users within the same folder, leading to unauthorized exposure of confidential document contents.

Such unauthorized disclosure of partial file content can result in breaches of confidentiality requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal or sensitive data.

Although the vulnerability does not allow full file download or modification, the exposure of snippet content still represents a confidentiality breach that could compromise compliance with these regulations.

Useful 0 Not Useful 0