Skip to main content

OnionShare CVE-2026-54707

MEDIUM
2026-07-14 vendor:ubuntu
Share

Severity by source

vuln.today AI
6.5 MEDIUM

Network-accessible Tor service, no authentication required, attacker writes files (integrity) and may exhaust disk (availability), no confidentiality impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Estimated by vuln.today — no official severity rating has been published for this CVE yet.

Lifecycle Timeline

1
Analysis Generated
Jul 16, 2026 - 09:31 vuln.today

DescriptionCVE.org

[OnionShare Receive mode writes uploaded files even when file uploads are disabled]

AnalysisAI

OnionShare's Receive mode incorrectly writes uploaded files to disk even when the operator has explicitly disabled file uploads, allowing unauthenticated remote attackers over Tor to bypass the access-control setting and deposit files on the host system. This affects deployments where operators have configured the 'disable uploads' option with an expectation that no inbound file writes will occur. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain target .onion address
Delivery
Connect via Tor to OnionShare Receive endpoint
Exploit
Submit multipart file upload request
Execution
OnionShare bypasses disabled-upload check
Impact
Attacker file written to operator's disk

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to be running OnionShare in Receive mode with the file upload feature explicitly disabled via the application's configuration toggle. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker obtains the .onion address of an OnionShare instance running in Receive mode with file uploads disabled - for example, from a leaked link or public posting. The attacker submits a multipart file upload HTTP request to the .onion endpoint. …
Remediation No vendor-released patch version is confirmed in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54707 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy