FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write,...

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Description

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler (UploadModel::handleUpload()) is concatenated directly into filesystem paths without any sanitization. An authenticated user with upload permission can exploit this to write files to arbitrary directories on the server, delete arbitrary directories via the post-assembly cleanup, and probe file/directory existence. This issue has been patched in version 3.10.0.

Basic Information

ID CVE-2026-33329

Source GitHub_M

Published Mar 24, 2026 at 19:14

Modified Mar 25, 2026 at 16:20

Affected Product

Vendor error311

Product FileRise

Version >= 1.0.1, < 3.10.0

Affected Versions error311 FileRise >= 1.0.1, < 3.10.0

CWE Classification

CWE-22 CWE-73

References

{
    "lastseen": "",
    "description": "FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler (UploadModel::handleUpload()) is concatenated directly into filesystem paths without any sanitization. An authenticated user with upload permission can exploit this to write files to arbitrary directories on the server, delete arbitrary directories via the post-assembly cleanup, and probe file/directory existence. This issue has been patched in version 3.10.0.",
    "published": "2026-03-24T19:14:42.771Z",
    "modified": "2026-03-25T16:20:07.262Z",
    "type": "cve",
    "title": "FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle",
    "source": "GitHub_M",
    "references": "https://github.com/error311/FileRise/security/advisories/GHSA-c2jm-4wp9-5vrh\nhttps://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c\nhttps://github.com/error311/FileRise/releases/tag/v3.10.0",
    "id": "CVE-2026-33329",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-73"
    ],
    "cvelist": null,
    "sourceData": "error311 FileRise >= 1.0.1, < 3.10.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FileRise",
    "version": ">= 1.0.1, < 3.10.0",
    "vendor": "error311",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle_CVE-2026-33329