← Back to CVEs
CVE-2026-30231
N/ADescription
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
CVE Details
CVSS v3.1 ScoreN/A
Published3/6/2026
Last Modified3/9/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-639
References
https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.