CVE-2026-30942

high

Red Hat

CVSS v3 Base Score

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.1%

Exploitation probability in 30 days

Top 68% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

None

Availability

None

Published: March 10, 2026 (65 days ago)

Last Modified: March 10, 2026

Vendor: Red Hat

Description

A flaw was found in Flare, a file sharing platform. An authenticated path traversal vulnerability exists in the /api/avatars/[filename] endpoint, allowing a logged-in user to read arbitrary files from the application container. This occurs because the filename parameter is not properly sanitized, enabling specially crafted sequences to bypass directory restrictions. If open registration is enabled, an attacker can self-register and exploit this vulnerability, leading to sensitive information disclosure.

CWE

CWE-22

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-30942

Vulnerability Report

Description

CWE

References