Severity by source
Network-served share exploited remotely (AV:N, AC:L, PR:N); victim must share a directory with symlinks present (UI:R); confidentiality high, no integrity or availability impact.
Estimated by vuln.today — no official severity rating has been published for this CVE yet.
Lifecycle Timeline
1DescriptionCVE.org
[OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]
AnalysisAI
OnionShare fails to restrict symlink traversal within shared directories, allowing any recipient of a file share to read arbitrary local files on the sharer's machine. When a user shares a directory containing symbolic links, OnionShare follows those links and serves the linked files over the Tor .onion URL - including files and directories outside the intended share root. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two conditions: (1) the victim must be actively running OnionShare and sharing a directory that contains at least one symbolic link pointing to a file or directory outside the share root - this is the triggering configuration and is not universally present; (2) the attacker must have received the .onion share URL from the victim, meaning they are an intended or invited recipient. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS score or vector was supplied, and EPSS and KEV data are absent, so quantitative risk signals are unavailable and the following assessment relies on architectural reasoning from the description alone. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker is given a .onion share URL by a victim running OnionShare to share a project directory. The victim's directory contains a symlink - perhaps created by a build tool or package manager - pointing to ~/.ssh or /etc/passwd. … |
| Remediation | No vendor-released patch version has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today