Unauthenticated File Read Vulnerability in FileRise Web File Manager
CVE-2026-25231

7.5HIGH

Key Information:

Vendor: Error311
Status: Filerise
Vendor: CVE Published:; 9 February 2026

What is CVE-2026-25231?

FileRise, a self-hosted web file manager and WebDAV server, is affected by an unauthenticated file read vulnerability that allows unauthorized users to access files in the /uploads directory. Due to the absence of adequate access controls, anyone who is aware of or can deduce the specific file path can retrieve sensitive data without needing to log in. This security flaw raises significant privacy concerns as it can lead to the exposure of confidential information. The issue has been addressed in version 3.3.0, urging users to upgrade for enhanced security.

Affected Version(s)

FileRise < 3.3.0

References

https://github.com/error311/FileRise/security/advisories/...

x_refsource_CONFIRM

https://github.com/error311/FileRise/releases/tag/v3.3.0

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2026
Vulnerability Reserved
Jan 30, 2026

CVE-2026-25231 Data

JSON

Error311

What is CVE-2026-25231?

Affected Version(s)

References

CVSS V3.1

Timeline