Home / Vulnerability Intelligence / CVE-2026-34745

CVE-2026-34745 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 2, 2026

Fireshare - Unrestricted File Upload

Published: April 2, 2026Updated: April 2, 2026Remote Exploitable

Overview

Fireshare < 1.5.3 contains an unrestricted file upload caused by improper validation of the checkSum parameter in the unauthenticated /api/uploadChunked/public endpoint, letting unauthenticated attackers write arbitrary files to the server filesystem.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Unauthenticated attackers can write arbitrary files to the server, potentially leading to remote code execution or system compromise.

Mitigation

Update to version 1.5.3 or later.

References

https://github.com/ShaneIsrael/fireshare/commit/b76915607924756e6fa1a5f6c8823c38d611fb24
https://github.com/ShaneIsrael/fireshare/pull/520
https://github.com/ShaneIsrael/fireshare/releases/tag/v1.5.3
https://github.com/ShaneIsrael/fireshare/security/advisories/GHSA-fvvp-rj8g-c7gc

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34745
Severity: Critical
CVSS Score: 9.1
Type: unrestricted_file_upload
Status: new

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H