CVE-2026-34745 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 3, 2026
Fireshare - Unrestricted File Upload
Overview
Fireshare < 1.5.3 contains an unrestricted file upload caused by improper validation of the checkSum parameter in the unauthenticated /api/uploadChunked/public endpoint, letting unauthenticated attackers write arbitrary files to the server filesystem.
Severity & Score
Impact
Unauthenticated attackers can write arbitrary files to the server, potentially leading to remote code execution or system compromise.
Mitigation
Update to version 1.5.3 or later.
References
Social Media Activity(2 posts)
🚨 CRITICAL: CVE-2026-34745 in ShaneIsrael fireshare (<1.5.3) enables unauth’d file writes to any server path via /api/uploadChunked/public. Upgrade to 1.5.3 ASAP or restrict access. Full details: https://radar.offseq.com/threat/cve-2026-34745-cwe-22-improper-limitation-of-a-pat-3a68f043 #OffSeq #CVE202634745 #infosec #patchnow
View original post
🔴 CVE-2026-34745 - Critical (9.1) Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34745/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-34745
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- unrestricted_file_upload
- Status
- confirmed
- EPSS
- 4.3%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H