CVE-2026-34745 in fireshare
요약 (영어)
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
책임이 있는
GitHub_M
예약하다
2026. 03. 30.
공개
2026. 04. 02.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 355025 | ShaneIsrael fireshare Endpoint uploadChunked 디렉토리 순회 | 22 | 정의되지 않음 | 공식 수정 | CVE-2026-34745 |