VYPR
Unrated severity · NVD Advisory · Published Mar 24, 2026 · Updated Mar 24, 2026

FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback

CVE-2026-33330

Description

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0.

Affected products

  • Error311/Filerise (llm-fuzzy), 2 versions
    • (no CPE) range: <3.10.0
    • (no CPE) range: < 3.10.0
