EUVD-2026-12080
GHSA-45vh-rpc8-hxpp
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4Description
### Summary The chunked upload completion path for file requests does not validate the total file size against the per-request `MaxSize` limit. An attacker with a public file request link can split an oversized file into chunks each under `MaxSize` and upload them sequentially, bypassing the size restriction entirely. Files up to the server's global `MaxFileSizeMB` are accepted regardless of the file request's configured limit. ### Impact Any guest with access to a shared file request link can upload files far larger than the administrator-configured size limit, up to the server's global `MaxFileSizeMB`. This allows unauthorized storage consumption, circumvention of administrative resource policies, and potential service disruption through storage exhaustion. No data exposure or privilege escalation occurs.
Analysis
A validation bypass in the chunked file upload completion logic for file requests allows attackers to circumvent per-request file size limits by splitting oversized files into smaller chunks that individually pass validation. Attackers with access to a public file request link can sequentially upload chunks to exceed the administrator-configured MaxSize limit, uploading files up to the server's global MaxFileSizeMB threshold. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today