CVE-2026-33071 - Vulnerability Analysis
MediumCVSS: 4.3Last Updated: March 23, 2026
FileRise - Remote Code Execution
Published: March 20, 2026Updated: March 23, 2026PoC AvailableRemote Exploitable
Overview
FileRise < 3.8.0 contains a remote code execution caused by lack of filename validation in WebDAV upload endpoint, letting remote attackers upload and execute server-side files, exploit requires non-default Apache configuration without LocationMatch protection.
Severity & Score
Severity: Medium
CVSS Score: 4.3
Impact
Remote attackers can execute arbitrary server-side code by uploading executable files via WebDAV, potentially leading to full server compromise.
Mitigation
Upgrade to version 3.8.0 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-33071
- Severity
- Medium
- CVSS Score
- 4.3
- Type
- remote_code_execution
- Status
- confirmed
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N