anonhaven
Ad

CVE-2026-30942

HIGH CVSS 4.0: 8.3 EPSS 0.21%
Updated Mar 18, 2026
Flintsh
Parameter Value
CVSS 8.3 (HIGH)
Affected Versions before 1.7.3
Fixed In 1.7.3
Type CWE-22 (Path Traversal)
Vendor Flintsh
Public PoC No

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container. The filename URL parameter is passed to path.join() without sanitization, and getFileStream() performs no path validation, enabling %2F-encoded ../ sequences to escape the uploads/avatars/ directory and read any file accessible to the nextjs process under /app/.

Authentication is enforced by Next.js middleware. However, on instances with open registration enabled (the default), any attacker can self-register and immediately exploit this. This vulnerability is fixed in 1.7.3.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-22 Path Traversal

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Flintsh Flare
cpe:2.3:a:flintsh:flare:*:*:*:*:*:*:*:*
 1.7.3

References 3

https://github.com/FlintSH/Flare/commit/cd894cc480619aef958be5de72b1445222fd8d36
security-advisories@github.com
https://github.com/FlintSH/Flare/releases/tag/v1.7.3
security-advisories@github.com
https://github.com/FlintSH/Flare/security/advisories/GHSA-h639-p7m9-mpgp
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-30231

Flintsh

6.0

CVE-2026-30230

Flintsh

8.2