CVE-2026-30942
Flare has a Path Traversal in /api/avatars/[filename]
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container. The filename URL parameter is passed to path.join() without sanitization, and getFileStream() performs no path validation, enabling %2F-encoded ../ sequences to escape the uploads/avatars/ directory and read any file accessible to the nextjs process under /app/. Authentication is enforced by Next.js middleware. However, on instances with open registration enabled (the default), any attacker can self-register and immediately exploit this. This vulnerability is fixed in 1.7.3.
| CWE | CWE-22 |
| Vendor | flintsh |
| Product | flare |
| Published | Mar 10, 2026 |
| Last Updated | Mar 10, 2026 |
Get instant alerts for flintsh flare
Be the first to know when new unknown vulnerabilities affecting flintsh flare are published โ delivered to Slack, Telegram or Discord.