CVE-2026-33477 (GCVE-0-2026-33477)
Vulnerability from cvelistv5 – Published: 2026-03-26 17:09 – Updated: 2026-03-26 18:23
Title
FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content
Summary
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versions 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue.
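The flaw class described above, as an added model written for this page (it is not FileRise's own `snippet.php`, whose permission storage and file metadata are not reproduced here; `FOLDER_ACL`, `StoredFile`, the two `snippet_*` functions and `is_affected` are assumptions, and the sample files are constructed). It puts a folder-level check that ignores who uploaded the file beside one that re-evaluates `read_own` against the file itself, and adds a version-range check against the affected range in the record:

```python
"""Model of the CWE-863 flaw class in CVE-2026-33477.

Added illustration written for this page; it is NOT FileRise's code.
FileRise's real snippet.php, its ACL storage and its file metadata are
not reproduced here: FOLDER_ACL, StoredFile and the function names are
assumptions chosen to show the authorization decision in isolation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredFile:
    folder: str
    name: str
    uploader: str   # assumed per-file metadata: who uploaded it
    content: str


# Assumed folder ACL: folder -> user -> grants.
# "read" = may read every file in the folder;
# "read_own" = may read only files the user uploaded.
FOLDER_ACL = {
    "shared": {"alice": {"read"}, "bob": {"read_own"}},
}

# Constructed sample data: two users' uploads in the same folder.
FILES = [
    StoredFile("shared", "alice-notes.txt", "alice", "alice: q3 salary review draft"),
    StoredFile("shared", "bob-todo.txt", "bob", "bob: renew certs before friday"),
]


def _lookup(folder: str, name: str) -> StoredFile:
    for f in FILES:
        if f.folder == folder and f.name == name:
            return f
    raise FileNotFoundError(f"{folder}/{name}")


def snippet_vulnerable(user: str, folder: str, name: str, length: int = 40) -> str:
    """Pre-3.11.0 shape of the check: folder access only.

    Having *any* grant on the folder unlocks the snippet, so the
    read_own holder reads other users' uploads. The folder listing
    may hide those files, but the snippet endpoint is reachable
    directly with a guessed or previously seen file name.
    """
    if not FOLDER_ACL.get(folder, {}).get(user):
        raise PermissionError(f"{user} has no access to {folder}")
    return _lookup(folder, name).content[:length]


def snippet_fixed(user: str, folder: str, name: str, length: int = 40) -> str:
    """Object-level check: read_own is re-evaluated against the file itself."""
    grants = FOLDER_ACL.get(folder, {}).get(user, set())
    if not grants:
        raise PermissionError(f"{user} has no access to {folder}")
    try:
        f = _lookup(folder, name)
    except FileNotFoundError:
        f = None
    if f is not None and ("read" in grants or ("read_own" in grants and f.uploader == user)):
        return f.content[:length]
    # One error for "no such file" and "not your file": a read_own holder
    # must not learn which other users' files exist in the folder.
    raise PermissionError(f"{user} may not read {folder}/{name}")


def is_denied(fn, *args) -> bool:
    """True if fn(*args) raises PermissionError (helper for the checks below)."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


def is_affected(version: str) -> bool:
    """Installed-version triage against the record's range: >= 2.3.7, < 3.11.0.

    Assumes plain dotted numeric versions such as "3.10.0" or "v3.9.2".
    """
    def parse(v: str) -> tuple:
        return tuple(int(p) for p in v.lstrip("v").split("."))
    return parse("2.3.7") <= parse(version) < parse("3.11.0")


if __name__ == "__main__":
    # bob holds only read_own on "shared", yet the old check serves alice's file.
    print("vulnerable:", snippet_vulnerable("bob", "shared", "alice-notes.txt"))
    print("fixed denies bob:", is_denied(snippet_fixed, "bob", "shared", "alice-notes.txt"))
    print("fixed serves own:", snippet_fixed("bob", "shared", "bob-todo.txt"))
    for v in ("2.3.6", "2.3.7", "3.10.0", "3.11.0"):
        print(v, "affected" if is_affected(v) else "not affected")
```

The point the record makes is that the folder listing hiding other users' files is not the authorization boundary; every endpoint that returns content (snippet, preview, download) has to check the grant against the specific object. The fixed variant also folds "file does not exist" into the same denial so the preview endpoint cannot be used to enumerate other users' file names.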
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83 | x_refsource_CONFIRM, exploit |
| https://github.com/error311/FileRise/releases/tag/v3.11.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33477",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:46:36.577852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:23:47.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.7, \u003c 3.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versions 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T17:09:00.236Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.11.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.11.0"
}
],
"source": {
"advisory": "GHSA-62wx-vp78-2p83",
"discovery": "UNKNOWN"
},
"title": "FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users\u2019 file content"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33477",
"datePublished": "2026-03-26T17:09:00.236Z",
"dateReserved": "2026-03-20T16:16:48.970Z",
"dateUpdated": "2026-03-26T18:23:47.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33477",
"date": "2026-04-23",
"epss": "0.00031",
"percentile": "0.09047"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33477\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-26T18:16:29.580\",\"lastModified\":\"2026-03-31T12:38:12.703\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versions 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue.\"},{\"lang\":\"es\",\"value\":\"FileRise es un gestor de archivos autohospedado basado en web con carga de m\u00faltiples archivos, edici\u00f3n y operaciones por lotes. En las versiones 2.3.7 a la 3.10.0, el endpoint de fragmentos de archivo `/api/file/snippet.php` permite a un usuario autenticado con solo acceso \u0027read_own\u0027 a una carpeta recuperar contenido de fragmentos de archivos subidos por otros usuarios en la misma carpeta. Esto es una falla de autorizaci\u00f3n del lado del servidor en la aplicaci\u00f3n de \u0027read_own\u0027 para las vistas previas al pasar el rat\u00f3n. La versi\u00f3n 3.11.0 corrige el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.7\",\"versionEndExcluding\":\"3.11.0\",\"matchCriteriaId\":\"51D0BB82-B0E1-4A29-9C51-EA8DAE58105A\"}]}]}],\"references\":[{\"url\":\"https://github.com/error311/FileRise/releases/tag/v3.11.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33477\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-26T17:46:36.577852Z\"}}}], \"references\": [{\"url\": \"https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-26T17:46:56.313Z\"}}], \"cna\": {\"title\": \"FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users\\u2019 file content\", \"source\": {\"advisory\": \"GHSA-62wx-vp78-2p83\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"error311\", \"product\": \"FileRise\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.3.7, \u003c 3.11.0\"}]}], \"references\": [{\"url\": \"https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83\", \"name\": \"https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/error311/FileRise/releases/tag/v3.11.0\", \"name\": \"https://github.com/error311/FileRise/releases/tag/v3.11.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versions 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-26T17:09:00.236Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33477\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-26T18:23:47.892Z\", \"dateReserved\": \"2026-03-20T16:16:48.970Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-26T17:09:00.236Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.