PT-2026-27491 · Onlyoffice+1

Bg0D-Glitch · Published 2026-03-24 · Updated 2026-03-24 · CVE-2026-33330

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions

FileRise versions prior to 3.10.0

Description

FileRise is a self-hosted web file manager and WebDAV server. A flaw in the access control mechanism within FileRise’s ONLYOFFICE integration permits an authenticated user with read-only permissions to acquire a signed save callbackUrl for a file. Subsequently, this allows the attacker to manipulate the ONLYOFFICE save callback and overwrite the file with content they control. The affected component is the ONLYOFFICE integration. The vulnerable parameter is the callbackUrl.

Recommendations

Update to version 3.10.0 or later.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-33330
GHSA-6C3J-F4X4-36M3

Affected Products

Filerise
Onlyoffice