CVE-2026-33477 — FileRise is a self-hosted web-based file manager with multi-file upload,…

🚨 CVE-2026-33477 FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint /api/file/snippet.php allows an authenticated user with only read_own access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the read_own enforcement for hover previews. Version 3.11.0 fixes the issue.

🎖@cveNotify