FlintSH's Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions prior to 1.7.2 contain an authorization bypass vulnerability identified as CVE-2026-30231, categorized under CWE-639. The vulnerability arises because the raw and direct file access routes enforce only unauthenticated user blocking, but do not verify that an authenticated user requesting a private file is the owner or otherwise authorized. Consequently, any authenticated user who knows the URL of a private file can retrieve its contents, circumventing intended access controls. This inconsistency contrasts with other endpoints in Flare that implement stricter authorization checks. The vulnerability has a CVSS 4.0 base score of 6.0, reflecting network exploitability with low attack complexity, requiring privileges (authenticated user), no user interaction, and high impact on confidentiality. The flaw does not affect integrity or availability. No known exploits are reported in the wild as of publication. The issue was addressed in Flare version 1.7.2 by enforcing proper authorization checks on raw and direct file routes, ensuring only file owners or authorized users can access private files. This vulnerability highlights the risk of inconsistent authorization logic in web applications, especially in self-hosted platforms where users may deploy older versions.

The primary impact of CVE-2026-30231 is unauthorized disclosure of private files to any authenticated user within the same Flare instance. This can lead to sensitive data leakage, violating confidentiality and potentially exposing proprietary, personal, or regulated information. Since exploitation requires authentication, the threat is limited to insiders or users with valid accounts, but in multi-tenant or shared environments, this can be significant. Attackers could leverage this flaw to access files they should not see, undermining trust in the platform and possibly leading to compliance violations (e.g., GDPR, HIPAA). The vulnerability does not allow modification or deletion of files, so integrity and availability impacts are minimal. However, the exposure of sensitive data could facilitate further attacks or social engineering. Organizations using Flare for internal or external file sharing must consider the risk of unauthorized data access and potential reputational damage. The lack of known exploits reduces immediate risk, but the ease of exploitation once authenticated and the widespread use of self-hosted platforms increase the threat over time.

The most effective mitigation is to upgrade Flare to version 1.7.2 or later, where the vulnerability is patched with proper authorization enforcement on all file access routes. Until upgrading, organizations should restrict access to the Flare instance to trusted users only and monitor authenticated user activity for suspicious file access patterns. Implement network-level access controls such as VPN or IP whitelisting to limit exposure. Additionally, review and audit file sharing permissions and URLs to ensure sensitive files are not accessible via guessable or leaked URLs. Employ logging and alerting on file access events to detect potential abuse. If upgrading is not immediately possible, consider disabling raw and direct file routes or applying custom authorization middleware to enforce ownership checks. Educate users about the risk of sharing file URLs and enforce strong authentication mechanisms to reduce the risk of compromised accounts being used to exploit this vulnerability.