CVE-2026-30231 — MEDIUM (5.3)

Q: How severe is CVE-2026-30231?

CVE-2026-30231 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-30231?

Check the references section above for vendor advisories and patch information. Affected products include: Flintsh Flare.

Vulnerability Description

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Flintsh	Flare	< 1.7.2

Related Weaknesses (CWE)

CWE-639

References

https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569ExploitMitigationVendor Advisory

FAQ

What is CVE-2026-30231?

CVE-2026-30231 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from access...

How severe is CVE-2026-30231?

CVE-2026-30231 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-30231?

Check the references section above for vendor advisories and patch information. Affected products include: Flintsh Flare.