← Voltar para CVEs
CVE-2026-30231
N/ADescricao
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/6/2026
Ultima modificacao3/9/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-639
Referencias
https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.