Missing Authentication Vulnerability in FileRise Web File Manager
CVE-2026-33070
3.7 LOW
What is CVE-2026-33070?
FileRise, a self-hosted web file manager and WebDAV server, has a missing authentication vulnerability in the deleteShareLink API endpoint. Any anonymous user can delete arbitrary shared file links using only the share token, which makes shared file access unavailable. The POST /api/file/deleteShareLink.php request is processed without authentication, authorization, or CSRF validation, so nothing prevents unauthorized link deletion. The vulnerability is resolved in FileRise version 3.8.0.
Affected Version(s)
FileRise < 3.8.0
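
For installations still below 3.8.0, one way to review web-server access logs for calls to the endpoint named above. This is an added example, not FileRise code or part of the advisory; it assumes Combined Log Format, and the host name files.example.test, the function names and the sample log lines are constructed. Access logs do not record whether a request carried a session, so the Referer is used only as a triage hint.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

ENDPOINT = "/api/file/deleteShareLink.php"  # path taken from the advisory text
# Combined Log Format: ip - user [time] "METHOD target proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def find_delete_requests(lines, site_host):
    """Return one finding per POST to the endpoint, tagged with a triage reason."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["target"]).path != ENDPOINT:  # ignores any query string
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host is None:
            reason = "no-referer"          # direct or scripted call
        elif ref_host != site_host:
            reason = "cross-site-referer"  # consistent with a cross-site request
        else:
            reason = "same-site"           # likely the UI; reconcile with owners
        findings.append({"ip": m["ip"], "time": m["time"],
                         "status": int(m["status"]), "reason": reason})
    return findings

def summarize(findings):
    """Count successful (2xx) deletion requests per (client IP, reason)."""
    return Counter((f["ip"], f["reason"]) for f in findings if 200 <= f["status"] < 300)

# Constructed sample lines (documentation IP ranges, assumed host names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2026:09:14:02 +0000] "POST /api/file/deleteShareLink.php HTTP/1.1" 200 27 "-" "example-client/1.0"',
    '198.51.100.7 - - [10/Mar/2026:09:14:03 +0000] "POST /api/file/deleteShareLink.php HTTP/1.1" 200 27 "-" "example-client/1.0"',
    '203.0.113.20 - alice [10/Mar/2026:09:20:11 +0000] "POST /api/file/deleteShareLink.php HTTP/1.1" 200 27 "https://files.example.test/" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2026:09:31:40 +0000] "POST /api/file/deleteShareLink.php HTTP/1.1" 200 27 "https://other.example.net/page" "Mozilla/5.0"',
    '203.0.113.20 - alice [10/Mar/2026:09:32:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2026:09:33:05 +0000] "POST /api/file/deleteShareLink.php HTTP/1.1" 403 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(find_delete_requests(SAMPLE_LOG, "files.example.test")))
```

Findings tagged no-referer or cross-site-referer are the ones to compare against share links that users report as missing.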
