CVE-2026-30942

CVE-2026-30942

Name

CVE-2026-30942

Description

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container. The filename URL parameter is passed to path.join() without sanitization, and getFileStream() performs no path validation, enabling %2F-encoded ../ sequences to escape the uploads/avatars/ directory and read any file accessible to the nextjs process under /app/. Authentication is enforced by Next.js middleware. However, on instances with open registration enabled (the default), any attacker can self-register and immediately exploit this. This vulnerability is fixed in 1.7.3.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/FlintSH/Flare/commit/cd894cc480619aef958be5de72b1445222fd8d36
security-advisories@github.com	https://github.com/FlintSH/Flare/releases/tag/v1.7.3
security-advisories@github.com	https://github.com/FlintSH/Flare/security/advisories/GHSA-h639-p7m9-mpgp

Type

URI

security-advisories@github.com

https://github.com/FlintSH/Flare/commit/cd894cc480619aef958be5de72b1445222fd8d36

security-advisories@github.com

https://github.com/FlintSH/Flare/releases/tag/v1.7.3

security-advisories@github.com

https://github.com/FlintSH/Flare/security/advisories/GHSA-h639-p7m9-mpgp

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:flintsh:flare::::::::`	flare	>= None	< 1.7.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:flintsh:flare:*:*:*:*:*:*:*:*

flare

>= None

< 1.7.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
flare	edge-community	0.20.0-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.18.1-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.17.3-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.17.0-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.16.3-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.16.0-r1	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.16.0-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.15.16-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.15.12-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.15.9-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.15.8-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.15.7-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	edge-community	0.15.6-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
flare	3.23-community	0.17.3-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

flare

edge-community

0.20.0-r0

Krassy Boykinov <kboykinov@teamcentrixx.com>

possibly vulnerable

flare

edge-community