Is PHP affected by CVE-2026-33477?

Organizations using versiosn 2.3.7 should be aware of moderate risk from CVE-2026-33477, a incorrect authorization vulnerability rated CVSS 4.3. Attackers could gain access beyond their authorized level. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-33477

EUVD-2026-16277 MEDIUM

2026-03-26 GitHub_M

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 26, 2026 - 17:45 euvd

EUVD-2026-16277

Analysis Generated

Mar 26, 2026 - 17:45 vuln.today

CVE Published

Mar 26, 2026 - 17:09 nvd

MEDIUM 4.3

Description

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue.

Analysis

FileRise versions 2.3.7 through 3.10.0 suffer from improper access control in the file snippet endpoint, allowing authenticated users with read-only access to retrieve file content uploaded by other users in shared folders. An attacker with limited folder permissions can exploit this authorization bypass to view sensitive files beyond their intended access scope. …

Remediation

Within 30 days: Identify affected systems running versiosn 2.3.7 and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +22

POC: 0

CVE-2026-33477 vulnerability details – vuln.today

Back

CVE-2026-33477

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-33477

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code