What is CVE-2026-33071?

CVE-2026-33071 is a medium-severity vulnerability in Error311 Filerise, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 4.3/10. Published 2026-03-20.

How severe is CVE-2026-33071?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Arbitrary file upload in Error311 Filerise

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filenam…

Vulnerability class: Unrestricted File Upload

EPSS: 0.001 (22.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Error311 Filerise — versions < 3.8.0

Weakness classification (CWE)

References

https://github.com/error311/FileRise/security/advisories/GHSA-46gv-gf5f-wvr2 (x_refsource_CONFIRM)
https://github.com/error311/FileRise/releases/tag/v3.8.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33071?: CVE-2026-33071 is a medium-severity vulnerability in Error311 Filerise, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 4.3/10. Published 2026-03-20.
How severe is CVE-2026-33071?: Medium severity. CVSS v3 base score is 4.3 out of 10.