cvedb.io
CVE-2026-30231
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-03-06T21:16:17.223 · Last modified 2026-06-17T10:32:31.893

Summary

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
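The gap described above, as an added example that is not Flare's source code: an authentication-only check beside an ownership-aware one, run over the same callers. The record shape, function names, user ids and status codes are all assumptions made for illustration.

```javascript
// Added illustration; not Flare's code. Every name here is hypothetical.

// Constructed sample records.
const files = {
  "pub.png": { ownerId: "alice", isPrivate: false },
  "priv.png": { ownerId: "alice", isPrivate: true },
};

// Behaviour the summary describes for the raw/direct routes before 1.7.2:
// a private file only requires *some* session, not the owner's session.
function canReadAuthOnly(session, file) {
  if (!file.isPrivate) return true;
  return session !== null;
}

// Ownership-aware check: a private file is readable only by its owner.
function canReadOwnerOnly(session, file) {
  if (!file.isPrivate) return true;
  return session !== null && session.userId === file.ownerId;
}

// Hypothetical handler: maps the access decision to an HTTP status.
function serveRaw(check, session, name) {
  const file = files[name];
  if (!file) return 404;
  return check(session, file) ? 200 : 403;
}

// Regression matrix: one private file requested by three kinds of caller.
// Running the same matrix against every file-serving route exposes
// endpoints whose checks are weaker than the rest.
function accessMatrix(check) {
  const callers = {
    anonymous: null,
    owner: { userId: "alice" },
    otherUser: { userId: "bob" },
  };
  const result = {};
  for (const [label, session] of Object.entries(callers)) {
    result[label] = serveRaw(check, session, "priv.png");
  }
  return result;
}

console.log("auth-only :", accessMatrix(canReadAuthOnly));
console.log("owner-only:", accessMatrix(canReadOwnerOnly));
```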

Affected products

flintsh — flare

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.