CVE-2026-33330 is a vulnerability classified under CWE-863 (Incorrect Authorization) affecting FileRise, a self-hosted web file manager and WebDAV server. Specifically, the flaw resides in the integration with ONLYOFFICE prior to version 3.10.0. The vulnerability allows an authenticated user who only has read-only access to obtain a signed save callback URL for a file. This signed URL is intended to authorize ONLYOFFICE to save changes to a document securely. However, due to broken access control, the attacker can forge the ONLYOFFICE save callback request using this URL to overwrite the file with attacker-controlled content, effectively escalating their privileges from read-only to write access. This bypasses intended authorization checks and compromises file integrity. The vulnerability does not require user interaction beyond authentication and can be exploited remotely over the network (AV:N). The CVSS v3.1 base score is 7.1, reflecting high severity with low attack complexity and no user interaction required. The flaw impacts confidentiality to a limited extent (as the attacker must be authenticated) but severely impacts integrity by allowing unauthorized file modification. The vulnerability has been addressed in FileRise version 3.10.0, where proper authorization checks are enforced for ONLYOFFICE save callbacks.

The primary impact of CVE-2026-33330 is unauthorized modification of files within FileRise instances, which can lead to data integrity breaches. Attackers with read-only access can overwrite files with malicious or misleading content, potentially enabling further attacks such as malware distribution, data corruption, or misinformation. This undermines trust in document management and collaboration workflows. Organizations relying on FileRise for sensitive file storage or collaborative editing risk exposure of critical data to unauthorized changes. Although availability is not directly affected, the integrity compromise can disrupt business operations and lead to compliance violations. The requirement for authentication limits exposure to internal or compromised users, but insider threats or credential theft scenarios increase risk. No known exploits in the wild reduce immediate urgency but do not eliminate the threat, especially in targeted environments.

To mitigate this vulnerability, organizations should upgrade FileRise to version 3.10.0 or later, where the broken access control issue is patched. Until upgrade is possible, restrict read-only user access to trusted personnel and monitor usage of ONLYOFFICE save callbacks for suspicious activity. Implement network segmentation and access controls to limit exposure of FileRise servers. Employ strong authentication mechanisms and monitor authentication logs for anomalous behavior. Review and tighten ONLYOFFICE integration configurations to ensure callback URLs are not exposed or reusable beyond intended scope. Additionally, conduct regular audits of file integrity and implement file change monitoring to detect unauthorized modifications. Educate users about the risks of credential compromise and enforce least privilege principles to minimize potential exploitation.