cvedb.io
CVE-2026-30230
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-03-06T21:16:17.077 · Last modified 2026-06-17T10:32:31.777

Summary

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing thumbnail access without the password. This issue has been patched in version 1.7.2.

Affected products

flintsh — flare

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.