CVE-2026-32108: CWE-863: Incorrect Authorization in 9001 copyparty
CVE-2026-32108 is an incorrect-authorization vulnerability (CWE-863) in copyparty versions prior to 1.20.12. It affects the shares feature when the FTP or SFTP server is enabled and publicly accessible. An authenticated user who opens a share of a single file over FTP/SFTP can guess or brute-force the names of sibling files in the same folder and read them without authorization. Subdirectories are not reachable, and the issue only applies to this configuration (the shares feature combined with FTP/SFTP). The same flaw was fixed earlier for HTTP/HTTPS (CVE-2025-58753) but was not addressed for FTP until this release. The CVSS 4.0 base score is 2.3 (low), reflecting limited impact and the requirement for low privileges and authentication. No exploitation in the wild has been reported. The issue is fixed in copyparty version 1.20.12.
AI Analysis
Technical Summary
Copyparty is a portable file server. Versions prior to 1.20.12 contain an incorrect-authorization flaw (CWE-863), tracked as CVE-2026-32108, caused by a missing permission check in the shares feature (the 'shr' global option) when a share is created for a single file inside a folder. The flaw is reachable only when the FTP or SFTP server is enabled and publicly accessible and the share is opened over FTP or SFTP; HTTP/HTTPS access is not affected. Under those conditions an authenticated user browsing the shared file can guess or brute-force the names of sibling files in the same directory and read them without authorization. Subdirectories are not reachable, so exposure is limited to the shared file's siblings. The issue is analogous to CVE-2025-58753, which was fixed for HTTP/HTTPS but not for FTP; FTPS was not implemented at that time, so it was not affected. The CVSS 4.0 base score is 2.3 (low), reflecting limited impact and the requirement for at least low privileges and authentication. No exploitation in the wild has been reported. copyparty 1.20.12 resolves the issue by adding the missing permission check for shares accessed over FTP and SFTP.
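To make the scope of the flaw concrete, the following added example (not copyparty's code; the Share class, the file tree, the function names and the guess list are assumptions made for this illustration) models a check scoped to the shared file's directory next to a check scoped to the shared file itself, and runs the same sibling-guessing loop against both. The directory-scoped version reproduces the behaviour the advisory describes: siblings leak once their names are guessed, entries under a subdirectory do not.

```python
"""Model of the share-scope check behind CVE-2026-32108.

Added illustration, not copyparty's code: the Share class, the file tree,
the two check functions and their names are assumptions chosen to show
why a check scoped to the shared file's directory leaks sibling files
(whose names must be guessed) but not files in subdirectories.
"""
from dataclasses import dataclass
from posixpath import dirname, join, normpath
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Share:
    """A share that was created for exactly one file (hypothetical model)."""
    key: str      # share identifier the client presents
    target: str   # absolute virtual path of the shared file


# Constructed virtual file tree used by both checks: path -> contents.
TREE: Dict[str, bytes] = {
    "/docs/report-2026.pdf": b"the shared file",
    "/docs/payroll.xlsx": b"sibling, must not be readable",
    "/docs/notes.txt": b"sibling, must not be readable",
    "/docs/archive/old.pdf": b"subdirectory, never reachable",
    "/other/x.txt": b"outside the share's folder",
}

EXAMPLE_SHARE = Share(key="k1", target="/docs/report-2026.pdf")

# Constructed guess list an attacker might try next to the shared file.
WORDLIST = ["payroll.xlsx", "notes.txt", "budget.xlsx",
            "archive/old.pdf", "../other/x.txt"]

Check = Callable[[Share, str], bool]


def _canon(path: str) -> str:
    """Collapse '.', '..' and repeated slashes so equivalent spellings of
    one path compare equal before any decision is made. The lstrip keeps
    normpath from preserving a POSIX '//' prefix."""
    return normpath("/" + path.lstrip("/"))


def vulnerable_allows(share: Share, requested: str) -> bool:
    """Directory-scoped check (assumed pre-1.20.12 FTP/SFTP behaviour):
    the request passes if the file exists and its parent directory is the
    shared file's directory. Every sibling therefore passes once its name
    is known; entries under a subdirectory have a different parent and are
    refused, matching the advisory's 'no subdirectories' statement."""
    req = _canon(requested)
    return req in TREE and dirname(req) == dirname(share.target)


def fixed_allows(share: Share, requested: str) -> bool:
    """File-scoped check (what the fix restores): only the exact path the
    share was created for is readable."""
    req = _canon(requested)
    return req in TREE and req == share.target


def read_via_share(check: Check, share: Share, requested: str) -> Optional[bytes]:
    """Serve a RETR-style read through the given check; None means refused."""
    return TREE[_canon(requested)] if check(share, requested) else None


def enumerate_siblings(check: Check, share: Share, guesses: Iterable[str]) -> List[str]:
    """Attacker's view: try each guess relative to the shared file's folder
    and keep the names the server actually hands back."""
    base = dirname(share.target)
    hits = []
    for name in guesses:
        candidate = join(base, name)
        if _canon(candidate) == share.target:
            continue  # the shared file itself is legitimately readable
        if read_via_share(check, share, candidate) is not None:
            hits.append(name)
    return hits


if __name__ == "__main__":
    print("vulnerable:", enumerate_siblings(vulnerable_allows, EXAMPLE_SHARE, WORDLIST))
    print("fixed:     ", enumerate_siblings(fixed_allows, EXAMPLE_SHARE, WORDLIST))
```

The `../other/x.txt` and `archive/old.pdf` guesses are refused by both checks, which is the "siblings only" boundary the advisory describes; the fix is the one-line change from comparing parent directories to comparing the full canonical path against the share target.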
Potential Impact
The primary impact of CVE-2026-32108 is unauthorized disclosure of files that sit next to a shared file on copyparty servers that expose FTP or SFTP publicly and hand out shares of single files. An attacker with access to such a share can read sibling files by guessing their names, potentially exposing sensitive or confidential information; because subdirectories are not reachable, the exposure is bounded by the contents of that one folder. Exploitation requires a specific use of the shares feature and a publicly reachable FTP/SFTP endpoint, so the attack surface is narrow. Organizations using copyparty for public file sharing over FTP/SFTP face a data leakage risk until they update to version 1.20.12. The vulnerability does not allow files to be modified or deleted and does not affect availability, so integrity and availability impacts are minimal. Overall the risk is low, but it becomes significant wherever sensitive files share a folder with a file that has been shared over FTP/SFTP.
Mitigation Recommendations
Upgrade copyparty to version 1.20.12 or later, which adds the missing permission check. Until that is possible, disable the shares feature, or do not create single-file shares while the FTP or SFTP server is enabled; because the flaw only reaches siblings and never subdirectories, placing each shared file in a folder of its own also removes everything that could be enumerated. Restrict FTP and SFTP to trusted networks or VPN access rather than exposing them publicly, and if HTTP/HTTPS sharing is sufficient, turn FTP/SFTP off, since the HTTP/HTTPS path was already fixed under CVE-2025-58753. Monitor FTP/SFTP access logs for enumeration patterns: many distinct filenames, or many not-found or denied responses, requested through a single share by one client in a short window. Unguessable filenames raise the attacker's cost but are not an access control and should not be the only mitigation. Audit share configurations and access logs regularly, and use network segmentation and firewall rules to limit copyparty's exposure to untrusted networks.
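As an added example of the log monitoring suggested above (not part of the advisory or of copyparty; the log line format, the field names and the sample entries are constructed for this illustration and should be adapted to whatever your FTP/SFTP front end actually emits), the following script flags any client that requests several distinct paths through one single-file share within a short window. A legitimate consumer of a single-file share only ever touches one path, so distinct-path count is the signal, with not-found and denied responses reported alongside it.

```python
"""Enumeration detector for single-file shares exposed over FTP/SFTP.

Added example, not copyparty code. The log line format, field names and
sample entries are constructed for this illustration. A legitimate
single-file share sees one path per client, so a burst of distinct paths
(typically mixed with not-found or denied responses) through one share
is the indicator of sibling-name guessing.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed format:
# "<ts> <proto> client=<ip> share=<key> op=RETR path=<p> result=<ok|denied|missing>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<proto>ftp|sftp) "
    r"client=(?P<ip>[\d.]+) share=(?P<share>\w+) op=RETR "
    r"path=(?P<path>\S+) result=(?P<result>ok|denied|missing)$"
)

# Constructed sample: one client guessing names next to the shared file,
# one client fetching only the shared file, one unrelated line.
SAMPLE_LOG = """\
2026-03-11T20:10:01Z ftp client=203.0.113.7 share=k1 op=RETR path=/docs/report-2026.pdf result=ok
2026-03-11T20:10:02Z ftp client=203.0.113.7 share=k1 op=RETR path=/docs/payroll.xlsx result=ok
2026-03-11T20:10:02Z ftp client=203.0.113.7 share=k1 op=RETR path=/docs/budget.xlsx result=missing
2026-03-11T20:10:03Z ftp client=203.0.113.7 share=k1 op=RETR path=/docs/notes.txt result=ok
2026-03-11T20:10:03Z ftp client=203.0.113.7 share=k1 op=RETR path=/docs/contracts.docx result=missing
2026-03-11T20:10:04Z ftp client=203.0.113.7 share=k1 op=RETR path=/docs/archive/old.pdf result=denied
this line is not a RETR record and is skipped by the parser
2026-03-11T20:30:00Z sftp client=198.51.100.9 share=k1 op=RETR path=/docs/report-2026.pdf result=ok
2026-03-11T20:31:10Z sftp client=198.51.100.9 share=k1 op=RETR path=/docs/report-2026.pdf result=ok
"""


def parse_log(text: str) -> List[dict]:
    """Parse matching lines into dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def flag_enumeration(text: str, threshold: int = 3,
                     window: timedelta = timedelta(minutes=5)) -> Dict[Tuple[str, str], Dict[str, int]]:
    """Return {(client, share): {"distinct_paths": n, "not_ok": m}} for every
    client/share pair that requested at least `threshold` distinct paths
    within any span of length `window`. `not_ok` counts the missing and
    denied responses inside the span where the distinct-path count peaked."""
    by_key: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for e in sorted(parse_log(text), key=lambda ev: ev["ts"]):
        by_key[(e["ip"], e["share"])].append(e)

    flagged = {}
    for key, evs in by_key.items():
        best_paths, best_not_ok, lo = 0, 0, 0
        for hi in range(len(evs)):
            while evs[hi]["ts"] - evs[lo]["ts"] > window:  # slide the window start
                lo += 1
            span = evs[lo:hi + 1]
            distinct = len({x["path"] for x in span})
            if distinct > best_paths:
                best_paths = distinct
                best_not_ok = sum(1 for x in span if x["result"] != "ok")
        if best_paths >= threshold:
            flagged[key] = {"distinct_paths": best_paths, "not_ok": best_not_ok}
    return flagged


if __name__ == "__main__":
    for (ip, share), stats in flag_enumeration(SAMPLE_LOG).items():
        print(f"possible enumeration: client={ip} share={share} {stats}")
```

On the sample the guessing client is reported with six distinct paths and three non-ok responses, while the client that only ever fetched the shared file is not. After upgrading to 1.20.12 the sibling reads turn into denied responses, so the same detector still surfaces the attempt, now as a run of denials rather than successful reads.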
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, Japan, South Korea, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-10T22:02:38.854Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69b1d0c22f860ef943757528
Added to database: 3/11/2026, 8:29:54 PM
Last enriched: 3/19/2026, 2:22:26 AM
Last updated: 4/28/2026, 2:37:29 AM
Views: 112