PT-2026-28505 · Fireshare · Fireshare

Qiaonpc · Published 2026-03-26 · Updated 2026-04-03 · CVE-2026-33645

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fireshare versions prior to 1.5.2

Description

Fireshare facilitates self-hosted media and link sharing. Version 1.5.1 contains an authenticated path traversal vulnerability in the chunked upload endpoint. The checkSum multipart field is used directly in filesystem path construction without sanitization or containment checks. This allows an attacker to write arbitrary files to attacker-chosen paths writable by the Fireshare process, such as /tmp in the container, potentially enabling follow-on attacks depending on deployment. This compromises the integrity of the system.

Recommendations

Update to version 1.5.2 or later.
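
The missing sanitization and containment checks named in the description, shown as an added example that is not Fireshare's code or its 1.5.2 patch. The function names, the per-upload directory layout and the assumption that checkSum is a hex digest are hypothetical.

```python
import os
import re

# Assumption: checkSum is a hex digest naming a per-upload chunk directory.
HEX_DIGEST = re.compile(r"[0-9a-fA-F]{32,128}")


def naive_chunk_dir(base, checksum):
    """Vulnerable pattern: the untrusted field is joined straight into a path."""
    return os.path.join(base, checksum)


def escapes(base, path):
    """True if path, after resolving '..' and symlinks, lies outside base."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(path)
    return os.path.commonpath([base_real, target]) != base_real


def safe_chunk_dir(base, checksum):
    """Hardened form: allowlist the format, then verify containment."""
    if not HEX_DIGEST.fullmatch(checksum):
        raise ValueError("checkSum is not a hex digest")
    path = os.path.join(os.path.realpath(base), checksum)
    if escapes(base, path):  # still needed: a digest-named symlink can point out
        raise ValueError("resolved path leaves the upload directory")
    return path


def audit(base, values):
    """Per input: (does the naive path escape base?, hardened verdict)."""
    report = {}
    for v in values:
        try:
            safe_chunk_dir(base, v)
            verdict = "accepted"
        except ValueError as exc:
            verdict = "rejected: " + str(exc)
        report[v] = (escapes(base, naive_chunk_dir(base, v)), verdict)
    return report


if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()
    # Constructed sample field values, not taken from a real request.
    samples = ["ab" * 32, "../../tmp/evil", "/tmp/evil", "ab/../../x"]
    for value, result in audit(base, samples).items():
        print(repr(value), result)
```

Note that `os.path.join` discards the base entirely when the second argument is absolute, so a check that only looks for `..` is not sufficient.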

Exploit · Fix · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-33645
GHSA-7Q8R-VPQ3-89M7

Affected Products

Fireshare