CVE-2026-34745
Status: Received - Intake
Arbitrary File Write in Fireshare Public Upload Endpoint

Publication date: 2026-04-02

Last updated on: 2026-04-03

Assigner: GitHub, Inc.

Description
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-04-02
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: shaneisrael
Product: fireshare
Version / Range: up to 1.5.3 (excluding 1.5.3)
CWE
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal'): The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-34745 is a path traversal vulnerability (CWE-22) in Fireshare's unauthenticated public chunked-upload endpoint (/api/uploadChunked/public). The client-supplied checkSum parameter is used to build the path the uploaded data is written to, and before version 1.5.3 the public endpoint neither validated its characters nor checked where the resulting path pointed. A checkSum containing traversal sequences such as "../" therefore lets an unauthenticated attacker write a file with attacker-controlled content to any location the server process can write to.

The root cause is an incomplete fix: the patch for CVE-2026-33645 added sanitization and traversal protection to the authenticated /api/uploadChunked endpoint, but the public endpoint in the same file (app/server/fireshare/api.py) was left unchanged.

Version 1.5.3 fixes the public endpoint by restricting checkSum to alphanumeric characters, underscores, and hyphens, validating the uploaded file, and verifying that the resolved file path stays within the intended upload directory.
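The pattern described above, as an added example that is not Fireshare's code: a hypothetical chunk-path builder that joins checkSum onto the upload directory the vulnerable way, beside a hardened version that applies the character whitelist and the resolved-path containment check the fix is described as using. The upload directory, the chunk file naming, and the helper names are assumptions for illustration.

```python
"""Chunk-path construction from an attacker-controlled checkSum: the traversal
the advisory describes beside a hardened form.  Added example, not Fireshare's
code; the upload directory, chunk file naming and helper names are assumptions."""
import os
import re
from pathlib import Path
from typing import Optional

UPLOAD_DIR = Path("/srv/fireshare/uploads")  # assumed upload root, need not exist
SAFE_CHECKSUM = re.compile(r"[A-Za-z0-9_-]+")  # the whitelist the fix is described as using


def vulnerable_chunk_path(upload_dir: Path, check_sum: str, chunk_index: int) -> Path:
    """The vulnerable pattern: checkSum becomes a path component with no
    neutralization.  '../' segments walk out of upload_dir, and an absolute
    checkSum makes os.path.join discard upload_dir altogether."""
    return Path(os.path.join(str(upload_dir), check_sum, f"chunk_{chunk_index}"))


def escapes_upload_dir(path: Path, upload_dir: Path) -> bool:
    """Lexical check, used here only to show where the vulnerable path lands."""
    root = os.path.abspath(str(upload_dir))
    target = os.path.abspath(str(path))
    return os.path.commonpath([root, target]) != root


def is_safe_checksum(check_sum: str) -> bool:
    """First layer: a checksum needs nothing outside [A-Za-z0-9_-]."""
    return SAFE_CHECKSUM.fullmatch(check_sum) is not None


def contained_path(root: Path, *parts: str) -> Optional[Path]:
    """Second layer: resolve the final path (following symlinks) and refuse
    anything that is not root itself or underneath it."""
    root = root.resolve()
    target = root.joinpath(*parts).resolve()
    if target != root and root not in target.parents:
        return None
    return target


def hardened_chunk_path(upload_dir: Path, check_sum: str, chunk_index: int) -> Path:
    """Both layers together.  The whitelist alone would stop every traversal
    string; the containment check is kept anyway so that a later relaxation of
    the whitelist, or a symlink inside the upload directory, cannot reopen
    the hole."""
    if not is_safe_checksum(check_sum):
        raise ValueError("checkSum contains characters outside [A-Za-z0-9_-]")
    target = contained_path(upload_dir, check_sum, f"chunk_{chunk_index}")
    if target is None:
        raise ValueError("resolved path escapes the upload directory")
    return target


def upload_decision(check_sum: str, chunk_index: int = 0) -> str:
    """What the hardened endpoint would answer for a given checkSum."""
    try:
        hardened_chunk_path(UPLOAD_DIR, check_sum, chunk_index)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # Constructed inputs: a plausible checksum, a relative traversal, an absolute path.
    for cs in ("9f86d081884c7d65", "../../../etc/cron.d/job", "/etc/cron.d/job"):
        vuln = vulnerable_chunk_path(UPLOAD_DIR, cs, 0)
        where = "ESCAPES" if escapes_upload_dir(vuln, UPLOAD_DIR) else "inside"
        print(f"{cs!r:28} vulnerable -> {os.path.abspath(str(vuln))} ({where})"
              f" | hardened -> {upload_decision(cs)}")
```

Running the block shows the two failure modes of the naive join: a relative checkSum walks out of the upload root, and an absolute one replaces it entirely. The hardened path rejects both at the whitelist, and the containment check remains as a second line in case the whitelist is ever loosened.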


How can this vulnerability impact me?

An unauthenticated attacker can write a file with content of their choosing to any path the Fireshare process has write access to; both the location and the content are under the attacker's control.

  • Remote code execution if the attacker overwrites a file the server later loads or runs, such as one of the application's own Python modules.
  • Denial of service by overwriting or corrupting application or system files the service depends on.
  • Loss of integrity and availability of the host in general, since every writable file is reachable.

Because no authentication is required, any deployment that exposes the public upload endpoint to untrusted networks can be exploited by anyone able to send it an HTTP request.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Exploitation shows up as POST requests to /api/uploadChunked/public whose checkSum parameter contains traversal sequences ("../", or the percent-encoded forms %2e%2e%2f and %2e%2e/, possibly double-encoded) or otherwise does not look like a checksum, that is, contains anything beyond letters, digits, underscores, and hyphens.

Two caveats before grepping: web-server access logs record only the request line, so a log search works only if checkSum is sent as a query parameter; if the client sends it in the form or multipart body, the value never reaches the access log and you need application-level request logging or a WAF that inspects bodies. And decode before matching, otherwise an encoded "../" slips past a literal search.

Example commands to detect potential exploitation attempts include:

  • Searching web server logs for traversal in requests to the public endpoint, including encoded variants: grep -i 'POST /api/uploadChunked/public' /var/log/nginx/access.log | grep -Ei '\.\./|%2e%2e|\.\.%2f'
  • Checking the host for files the service account wrote outside its data directory during the exposure window, with the account name and the uploads path substituted for your deployment: find / -xdev -type f -user <fireshare-user> -newermt '2026-04-01' -not -path '<uploads-dir>/*'
  • Capturing traffic to the endpoint with tcpdump or Wireshark and inspecting the checkSum parameter; unlike the access log, a capture does include the request body.
  • Alerting on path traversal patterns in parameters targeting /api/uploadChunked/public with an intrusion detection system (IDS) or web application firewall (WAF).
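The log-search step above, as an added example that is not from the page or from Fireshare: a scanner over constructed nginx-style access-log lines that percent-decodes the checkSum value (repeatedly, so double encoding does not hide it) before looking for a ".." segment, and that also flags any checkSum outside the [A-Za-z0-9_-] whitelist, since a legitimate checksum never needs other characters. It assumes checkSum is visible in the logged request line, i.e. sent as a query parameter. The endpoint paths come from the advisory; the log lines are constructed. It goes slightly beyond the question by also watching the authenticated /api/uploadChunked route, since an attacker will usually probe both.

```python
"""Scan web-server access logs for traversal attempts against the chunked-upload
endpoints.  Added example, not from the page or from Fireshare.  Assumes the
checkSum parameter is visible in the logged request line (a query parameter);
the log lines below are constructed for the example."""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Both routes named in the advisory; probes against the (already fixed)
# authenticated route are just as interesting to a responder.
ENDPOINTS = {"/api/uploadChunked/public", "/api/uploadChunked"}
SAFE_CHECKSUM = re.compile(r"[A-Za-z0-9_-]+")     # a real checksum never needs more
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # '..' as a whole segment, either separator

# nginx/apache "combined" format; the query string is part of the request target.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one benign upload, three traversal attempts (plain,
# percent-encoded, double-encoded), one probe of the authenticated route,
# and one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Apr/2026:10:15:01 +0000] "POST /api/uploadChunked/public?checkSum=9f86d081884c7d65&chunkIndex=0 HTTP/1.1" 200 17 "-" "curl/8.5.0"
203.0.113.7 - - [02/Apr/2026:10:15:02 +0000] "POST /api/uploadChunked/public?checkSum=../../../etc/cron.d/job&chunkIndex=0 HTTP/1.1" 200 17 "-" "curl/8.5.0"
198.51.100.9 - - [02/Apr/2026:10:16:40 +0000] "POST /api/uploadChunked/public?checkSum=%2e%2e%2f%2e%2e%2fapp%2fserver%2ffireshare%2fapi.py&chunkIndex=0 HTTP/1.1" 200 17 "-" "python-requests/2.31"
198.51.100.9 - - [02/Apr/2026:10:16:41 +0000] "POST /api/uploadChunked/public?checkSum=%252e%252e%252fetc%252fpasswd HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.9 - - [02/Apr/2026:10:17:00 +0000] "POST /api/uploadChunked?checkSum=../../x HTTP/1.1" 401 0 "-" "python-requests/2.31"
192.0.2.5 - - [02/Apr/2026:10:18:13 +0000] "GET /api/videos HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding until it stops changing (bounded), so that
    %2e%2e%2f and the double-encoded %252e%252e%252f both become '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """True if the decoded value contains '..' as a path segment."""
    return TRAVERSAL.search(fully_decode(value)) is not None


def inspect_line(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for a suspicious upload request, else None."""
    m = LINE.match(line)
    if not m or m.group("method") != "POST":
        return None
    url = urlsplit(m.group("target"))
    endpoint = fully_decode(url.path).rstrip("/")
    if endpoint not in ENDPOINTS:
        return None
    # parse_qs already decodes once; fully_decode catches deeper encodings.
    for raw in parse_qs(url.query, keep_blank_values=True).get("checkSum", []):
        check_sum = fully_decode(raw)
        if TRAVERSAL.search(check_sum):
            reason = "traversal"
        elif not SAFE_CHECKSUM.fullmatch(check_sum):
            reason = "checkSum outside [A-Za-z0-9_-]"
        else:
            continue
        return {"ip": m.group("ip"), "ts": m.group("ts"), "endpoint": endpoint,
                "status": int(m.group("status")), "check_sum": check_sum,
                "reason": reason}
    return None


def scan(log_text: str) -> List[Dict[str, object]]:
    """All findings in a log, in file order."""
    return [hit for hit in map(inspect_line, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['endpoint']} status={hit['status']} "
              f"{hit['reason']}: {hit['check_sum']!r}")
```

A 200 response paired with a traversal checkSum on the public endpoint is the line to escalate on an unpatched host; the same pattern with 401 or 4xx on the authenticated route tells you someone is probing but the write did not happen.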

What immediate steps should I take to mitigate this vulnerability?

Upgrade Fireshare to version 1.5.3 or later, which sanitizes the checkSum parameter and enforces path traversal protection on the public upload endpoint, as the earlier fix already did for the authenticated one.

If upgrading immediately is not possible, disable the public upload feature, or block /api/uploadChunked/public at the reverse proxy so that unauthenticated uploads cannot reach the application.

Monitor for and block requests that carry path traversal sequences, or anything other than letters, digits, underscores, and hyphens, in the checkSum parameter.

Limit what a successful write could reach: run Fireshare as a dedicated unprivileged account that can write only to its upload and data directories, and keep the application's own source tree (including app/server/fireshare/api.py) read-only to that account, since overwriting a Python module is the most direct route from file write to code execution.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-34745 allows unauthenticated attackers to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This can lead to unauthorized modification or overwriting of critical files, potentially resulting in remote code execution or denial of service.

Such unauthorized file writes and potential system compromise can lead to violations of data integrity and availability requirements found in common standards and regulations like GDPR and HIPAA. For example, GDPR mandates appropriate security measures to protect personal data from unauthorized alteration or destruction, and HIPAA requires safeguards to ensure the integrity and availability of electronic protected health information.

Therefore, if exploited, this vulnerability could cause non-compliance with these regulations by enabling attackers to compromise system integrity and availability, potentially exposing sensitive data or disrupting services.

