Home / Vulnerability Intelligence / CVE-2026-33329

CVE-2026-33329 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 24, 2026

FileRise - Path Traversal

Published: March 24, 2026Updated: March 24, 2026Remote Exploitable

Overview

FileRise 1.0.1 to < 3.10.0 contains a path traversal caused by unsanitized concatenation of resumableIdentifier parameter in UploadModel::handleUpload(), letting authenticated users with upload permission write and delete arbitrary files/directories, exploit requires authenticated upload permission.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Authenticated users with upload permission can write and delete arbitrary files/directories, potentially compromising server integrity and data.

Mitigation

Update to version 3.10.0 or later.

References

https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c
https://github.com/error311/FileRise/releases/tag/v3.10.0
https://github.com/error311/FileRise/security/advisories/GHSA-c2jm-4wp9-5vrh

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-33329
Severity: High
CVSS Score: 8.1
Type: path_traversal
Status: new

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H