Skip to main content

OnionShare CVE-2026-54706

MEDIUM
2026-07-14 vendor:ubuntu
Share

Severity by source

vuln.today AI
6.5 MEDIUM

Network-served share exploited remotely (AV:N, AC:L, PR:N); victim must share a directory with symlinks present (UI:R); confidentiality high, no integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Estimated by vuln.today — no official severity rating has been published for this CVE yet.

Lifecycle Timeline

1
Analysis Generated
Jul 16, 2026 - 09:31 vuln.today

DescriptionCVE.org

[OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]

AnalysisAI

OnionShare fails to restrict symlink traversal within shared directories, allowing any recipient of a file share to read arbitrary local files on the sharer's machine. When a user shares a directory containing symbolic links, OnionShare follows those links and serves the linked files over the Tor .onion URL - including files and directories outside the intended share root. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Victim shares directory containing symlinks
Delivery
Attacker receives .onion share URL
Exploit
Enumerate or guess symlinked filenames
Execution
Send HTTP request for symlinked path
Persist
OnionShare resolves symlink outside share root
Impact
Sensitive local file contents returned to attacker

Vulnerability AssessmentAI

Exploitation Exploitation requires two conditions: (1) the victim must be actively running OnionShare and sharing a directory that contains at least one symbolic link pointing to a file or directory outside the share root - this is the triggering configuration and is not universally present; (2) the attacker must have received the .onion share URL from the victim, meaning they are an intended or invited recipient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS score or vector was supplied, and EPSS and KEV data are absent, so quantitative risk signals are unavailable and the following assessment relies on architectural reasoning from the description alone. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker is given a .onion share URL by a victim running OnionShare to share a project directory. The victim's directory contains a symlink - perhaps created by a build tool or package manager - pointing to ~/.ssh or /etc/passwd. …
Remediation No vendor-released patch version has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy