Home / Vulnerability Intelligence / CVE-2026-33070

CVE-2026-33070 - Vulnerability Analysis

LowCVSS: 3.7

Last Updated: March 23, 2026

FileRise - Authentication Bypass

Published: March 20, 2026Updated: March 23, 2026PoC AvailableRemote Exploitable

Overview

FileRise < 3.8.0 contains a missing authentication vulnerability in the deleteShareLink endpoint, letting unauthenticated attackers delete arbitrary file share links causing denial of service, exploit requires knowledge of share token.

Severity & Score

Severity: Low

CVSS Score: 3.7

Impact

Unauthenticated attackers can delete file share links, causing denial of service to shared file access.

Mitigation

Update to version 3.8.0 or later.

References

https://github.com/error311/FileRise/releases/tag/v3.8.0
https://github.com/error311/FileRise/security/advisories/GHSA-vh5m-w36c-99xv

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-33070
Severity: Low
CVSS Score: 3.7
Type: broken_authentication
Status: confirmed

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N