VYPR
Unrated severityNVD Advisory· Published Mar 26, 2026· Updated Mar 26, 2026

FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content

CVE-2026-33477

Description

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint /api/file/snippet.php allows an authenticated user with only read_own access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the read_own enforcement for hover previews. Version 3.11.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Error311/Filerisellm-fuzzy2 versions
    >=2.3.7, <=3.10.0+ 1 more
    • (no CPE)range: >=2.3.7, <=3.10.0
    • (no CPE)range: >= 2.3.7, < 3.11.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.