CVE-2026-33645
Received Received - Intake
Authenticated Path Traversal in Fireshare 1.5.1 Allows Arbitrary File Write

Publication date: 2026-03-26

Last updated on: 2026-03-30

Assigner: GitHub, Inc.

Description
Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-30
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33645
EUVD
EUVD-2026-16416
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shaneisrael fireshare 1.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33645 is an authenticated path traversal vulnerability in Fireshare version 1.5.1, specifically in the chunked upload endpoint `/api/uploadChunked`.

The vulnerability occurs because the multipart form field `checkSum` is used directly to construct filesystem paths without any sanitization, normalization, or containment checks.

This allows an attacker who is authenticated to craft `checkSum` values containing path traversal sequences (like `../../../../tmp/poc.bin`), enabling them to write arbitrary files outside the intended upload directory to any writable location accessible by the Fireshare process.

The flaw violates file integrity and can potentially enable further attacks depending on the deployment context.

The issue was fixed in Fireshare version 1.5.2 by presumably adding proper path validation and containment checks.

Impact Analysis

This vulnerability allows an authenticated attacker to write arbitrary files to locations outside the intended upload directory, anywhere writable by the Fireshare process.

Such unauthorized file writes violate the integrity of the system and may enable follow-on attacks, such as placing malicious files in sensitive locations or manipulating application behavior.

Because the attacker only needs a valid user session (low privileges required), the risk is significant in environments where Fireshare is deployed.

The vulnerability has a CVSS v3.1 base score of 7.1 (High), indicating a serious impact on integrity and a low attack complexity.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious authenticated requests to the `/api/uploadChunked` endpoint that include path traversal sequences in the `checkSum` multipart form field.

For example, look for requests where the `checkSum` value contains sequences like `../` or `../../` which indicate attempts to write files outside the intended upload directory.

You can use network monitoring tools or web server logs to search for such patterns.

  • Use grep or similar tools on server logs to find suspicious uploads: `grep -r --include="*.log" "checkSum=.*\.\.\/" /var/log/fireshare/`
  • Inspect HTTP requests with tools like Wireshark or a web application firewall (WAF) to detect multipart form data containing path traversal sequences in the `checkSum` field.
  • If you have access to the Fireshare server, check the filesystem for unexpected `.partNNNN` files outside the upload directory, especially in writable locations like `/tmp`.
Mitigation Strategies

The immediate mitigation step is to upgrade Fireshare to version 1.5.2 or later, where this vulnerability has been fixed by adding proper path validation and containment checks.

If upgrading immediately is not possible, restrict access to the `/api/uploadChunked` endpoint to trusted authenticated users only and monitor for suspicious activity.

Additionally, consider implementing network-level controls such as firewall rules or web application firewall (WAF) rules to block requests containing path traversal patterns in the `checkSum` field.

Review and restrict filesystem permissions to limit writable locations accessible by the Fireshare process, reducing the impact of potential exploitation.

Compliance Impact

CVE-2026-33645 allows authenticated attackers to write arbitrary files outside the intended upload directory due to a path traversal vulnerability. This unauthorized file write can violate data integrity and potentially enable further attacks depending on deployment context.

While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, the integrity violation and potential for unauthorized file manipulation could lead to non-compliance with regulations that require data integrity, access controls, and protection against unauthorized data modification.

Organizations using affected versions of Fireshare (1.5.1) may risk violating these standards if the vulnerability is exploited, especially if sensitive or regulated data is involved, until the issue is remediated by upgrading to version 1.5.2.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33645. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart