CVE-2026-34745 in ShaneIsrael fireshareinfo

Summary

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.

Responsible

GitHub_M

Reservation

03/30/2026

Disclosure

04/02/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
355025	ShaneIsrael fireshare Endpoint uploadChunked path traversal	22	Not defined	Official fix	CVE-2026-34745

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!