CVE-2026-34745: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ShaneIsrael fireshare
CVE-2026-34745 is a critical path traversal vulnerability in ShaneIsrael fireshare versions prior to 1. 5. 3. The issue exists because a fix applied to the authenticated /api/uploadChunked endpoint was not applied to the unauthenticated /api/uploadChunked/public endpoint. This allows an unauthenticated attacker to exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. The vulnerability has been patched in version 1. 5. 3.
AI Analysis
Technical Summary
ShaneIsrael fireshare before version 1.5.3 contains a path traversal vulnerability (CWE-22) in the unauthenticated /api/uploadChunked/public endpoint. Although a fix for a similar issue (CVE-2026-33645) was applied to the authenticated upload endpoint, the public endpoint remained vulnerable. An attacker can manipulate the checkSum parameter to write arbitrary files anywhere on the server's writable filesystem, potentially leading to code execution or denial of service. This vulnerability has a CVSS 3.1 score of 9.1, indicating critical severity. The issue was addressed in fireshare version 1.5.3.
Potential Impact
An unauthenticated attacker can write arbitrary files with attacker-controlled content to any writable path on the server hosting fireshare versions prior to 1.5.3. This can lead to severe impacts including integrity compromise and availability disruption. The vulnerability does not require authentication or user interaction, increasing its risk. There are no known exploits in the wild at the time of this report.
Mitigation Recommendations
Upgrade fireshare to version 1.5.3 or later, where this vulnerability has been patched. No other mitigations are indicated by the vendor advisory. Patch status is confirmed by the vendor's versioning information.
CVE-2026-34745: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ShaneIsrael fireshare
Description
CVE-2026-34745 is a critical path traversal vulnerability in ShaneIsrael fireshare versions prior to 1. 5. 3. The issue exists because a fix applied to the authenticated /api/uploadChunked endpoint was not applied to the unauthenticated /api/uploadChunked/public endpoint. This allows an unauthenticated attacker to exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. The vulnerability has been patched in version 1. 5. 3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
ShaneIsrael fireshare before version 1.5.3 contains a path traversal vulnerability (CWE-22) in the unauthenticated /api/uploadChunked/public endpoint. Although a fix for a similar issue (CVE-2026-33645) was applied to the authenticated upload endpoint, the public endpoint remained vulnerable. An attacker can manipulate the checkSum parameter to write arbitrary files anywhere on the server's writable filesystem, potentially leading to code execution or denial of service. This vulnerability has a CVSS 3.1 score of 9.1, indicating critical severity. The issue was addressed in fireshare version 1.5.3.
Potential Impact
An unauthenticated attacker can write arbitrary files with attacker-controlled content to any writable path on the server hosting fireshare versions prior to 1.5.3. This can lead to severe impacts including integrity compromise and availability disruption. The vulnerability does not require authentication or user interaction, increasing its risk. There are no known exploits in the wild at the time of this report.
Mitigation Recommendations
Upgrade fireshare to version 1.5.3 or later, where this vulnerability has been patched. No other mitigations are indicated by the vendor advisory. Patch status is confirmed by the vendor's versioning information.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T19:17:10.224Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cec35ae6bfc5ba1dfb4cde
Added to database: 4/2/2026, 7:28:26 PM
Last enriched: 4/9/2026, 10:53:35 PM
Last updated: 5/20/2026, 8:52:47 PM
Views: 72
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.