CVE-2026-30231

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:flintsh:flare:*:*:*:*:*:*:*:*

History

09 Apr 2026, 20:21

Type	Values Removed	Values Added
First Time		Flintsh Flintsh flare
References	~~() https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569 -~~	() https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569 - Exploit, Mitigation, Vendor Advisory
Summary		(es) Flare es una plataforma para compartir archivos autoalojable, basada en Next.js, que se integra con herramientas de captura de pantalla. Antes de la versión 1.7.2, las rutas de archivo sin procesar y directas solo bloqueaban el acceso de usuarios no autenticados a archivos privados. Cualquier usuario autenticado no propietario que conozca la URL del archivo puede recuperar el contenido, lo cual es inconsistente con las comprobaciones más estrictas utilizadas por otros puntos finales. Este problema ha sido parcheado en la versión 1.7.2.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:flintsh:flare::::::::

06 Mar 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-06 21:16

Updated : 2026-04-09 20:21

NVD link : CVE-2026-30231

Mitre link : CVE-2026-30231

CVE.ORG link : CVE-2026-30231

JSON object : View

Products Affected

flintsh

flare

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2026-30231", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T21:16:17.223", "references": [{"url": "https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non\u2011owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2."}, {"lang": "es", "value": "Flare es una plataforma para compartir archivos autoalojable, basada en Next.js, que se integra con herramientas de captura de pantalla. Antes de la versi\u00f3n 1.7.2, las rutas de archivo sin procesar y directas solo bloqueaban el acceso de usuarios no autenticados a archivos privados. Cualquier usuario autenticado no propietario que conozca la URL del archivo puede recuperar el contenido, lo cual es inconsistente con las comprobaciones m\u00e1s estrictas utilizadas por otros puntos finales. Este problema ha sido parcheado en la versi\u00f3n 1.7.2."}], "lastModified": "2026-04-09T20:21:57.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flintsh:flare:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4166EF32-3722-49DA-8764-A48E4CE75863", "versionEndExcluding": "1.7.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}