


Perceptive Security
SOC/SIEM Consultancy

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows a…
Published:
23 March 2026 at 23:00:00
Alert date:
24 March 2026 at 21:04:18
Source:
nvd.nist.gov
Web Technologies, Identity & Access
A broken access control vulnerability in FileRise's ONLYOFFICE integration allows authenticated users with read-only permissions to escalate privileges and overwrite files. The vulnerability exists in FileRise versions prior to 3.10.0, where users can obtain signed save callback URLs and forge ONLYOFFICE save callbacks to write attacker-controlled content. FileRise is a self-hosted web file manager and WebDAV server. The issue has been patched in version 3.10.0.
Technical details
Mitigation steps:
Affected products:
FileRise
ONLYOFFICE
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33330
https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c
https://github.com/error311/FileRise/releases/tag/v3.10.0
https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
