{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T23:27:13.760","vulnerabilities":[{"cve":{"id":"CVE-2026-33477","sourceIdentifier":"security-advisories@github.com","published":"2026-03-26T18:16:29.580","lastModified":"2026-03-31T12:38:12.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue."},{"lang":"es","value":"FileRise es un gestor de archivos autohospedado basado en web con carga de múltiples archivos, edición y operaciones por lotes. En las versiones 2.3.7 a la 3.10.0, el endpoint de fragmentos de archivo `/api/file/snippet.php` permite a un usuario autenticado con solo acceso 'read_own' a una carpeta recuperar contenido de fragmentos de archivos subidos por otros usuarios en la misma carpeta. Esto es una falla de autorización del lado del servidor en la aplicación de 'read_own' para las vistas previas al pasar el ratón. La versión 3.11.0 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.7","versionEndExcluding":"3.11.0","matchCriteriaId":"51D0BB82-B0E1-4A29-9C51-EA8DAE58105A"}]}]}],"references":[{"url":"https://github.com/error311/FileRise/releases/tag/v3.11.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}