Cyber Resilience

CVE-2026-33330

HighPublic PoC

Published: 24 March 2026

Published
24 March 2026
Modified
26 March 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
EPSS Score 0.0001 2.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33330 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Filerise Filerise. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-33330 is a broken access control vulnerability (CWE-863) in the ONLYOFFICE integration of FileRise, a self-hosted web file manager and WebDAV server. It affects FileRise versions prior to 3.10.0, where an authenticated user with read-only access can obtain a signed save callbackUrl for a file and forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N), indicating high integrity impact with low privileges required.

An attacker with authenticated read-only access to FileRise can exploit this issue remotely over the network with low complexity and no user interaction. By obtaining the signed callbackUrl for a target file and forging a save callback request to the ONLYOFFICE integration, the attacker can overwrite the file's contents with arbitrary data, potentially leading to data tampering or privilege escalation within the file management environment.

The vulnerability has been addressed in FileRise version 3.10.0, as detailed in the project's security advisory (GHSA-6c3j-f4x4-36m3), release notes, and the patching commit. Security practitioners should upgrade to version 3.10.0 or later to mitigate the issue.

EU & UK References

Vulnerability details

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and…

more

then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Broken access control allows read-only authenticated users to forge callbacks and overwrite files, directly enabling unauthorized stored data manipulation (T1565.001) and privilege escalation via exploitation of the authorization flaw (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33329Same product: Filerise Filerise
CVE-2026-25231Same product: Filerise Filerise
CVE-2026-33072Same product: Filerise Filerise
CVE-2026-33071Same product: Filerise Filerise
CVE-2026-28951Shared CWE-863
CVE-2026-42432Shared CWE-863
CVE-2024-40771Shared CWE-863
CVE-2026-34972Shared CWE-863
CVE-2025-0360Shared CWE-863
CVE-2026-4639Shared CWE-863

Affected Assets

filerise
filerise
≤ 3.10.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations to prevent read-only authenticated users from overwriting files via forged ONLYOFFICE save callbacks.

prevent

Applies least privilege to restrict read-only users from performing write operations through the ONLYOFFICE integration.

detect

Monitors software, firmware, and information integrity to identify unauthorized file overwrites resulting from the broken access control.

References