Path Traversal Vulnerability in FileRise by Error311
CVE-2026-54414

9.3 CRITICAL

Key Information:

Vendor

Error311

Status
Vendor
CVE Published:
19 June 2026

What is CVE-2026-54414?

FileRise prior to version 3.16.0 is susceptible to a severe path traversal vulnerability in the shared-folder upload endpoint, allowing unauthorized file writing and potential administrator account takeover. The vulnerability arises from inadequate validation of the upload filename, which permits URL-encoded sequences to bypass security mechanisms. An attacker with valid access to an upload-enabled shared-folder link can exploit this weakness to overwrite sensitive files and gain unauthorized administrative access. This flaw has been addressed in version 3.16.0, which incorporates enhanced validation by rejecting path separators before processing uploads.
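The bug class described above, shown as an added example that is not FileRise's own code: a check that inspects only the raw filename misses percent-encoded separators if the name is decoded afterwards, while the hardened check decodes first and then rejects any path separator. The function names, the decode-after-check ordering and the sample filenames are assumptions constructed for illustration.

```python
import os
from urllib.parse import unquote

SEPARATORS = ("/", "\\")

def naive_is_safe(raw_name: str) -> bool:
    """Weak pattern: looks only at the raw, still-encoded value."""
    return ".." not in raw_name and not any(s in raw_name for s in SEPARATORS)

def fully_decode(name: str, max_rounds: int = 5) -> str:
    """Percent-decode until stable so double encoding (%252f) is unwrapped too."""
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            return name
        name = decoded
    raise ValueError("filename still changes after repeated decoding")

def strict_validate(raw_name: str) -> str:
    """Hardened pattern: decode first, then reject separators and dot names."""
    name = fully_decode(raw_name)
    if "\x00" in name or any(s in name for s in SEPARATORS):
        raise ValueError("path separator or NUL byte in filename")
    if name in ("", ".", ".."):
        raise ValueError("empty or relative-directory filename")
    return name

def resolve_in(upload_dir: str, name: str) -> str:
    """Defence in depth: the resolved path must stay inside upload_dir."""
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes the upload directory")
    return target

if __name__ == "__main__":
    # Constructed sample filenames, not taken from the advisory.
    for raw in ["report.pdf", "%2e%2e%2fsettings.json", "notes%5cold.txt"]:
        try:
            verdict = "accepted as " + strict_validate(raw)
        except ValueError as exc:
            verdict = "rejected: " + str(exc)
        print(f"{raw!r}: naive={naive_is_safe(raw)} strict={verdict}")
```
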

Affected Version(s)

FileRise: all versions before 3.16.0

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Credit

Shaxzod Turg'unov (j33d1)