
CVE-2026-33330: FileRise Auth Bypass Vulnerability

CVE-2026-33330 is an authentication bypass flaw in FileRise that allows read-only users to overwrite files through the ONLYOFFICE integration. This article covers technical details, affected versions, impact, and mitigation.

Published: March 27, 2026

CVE-2026-33330 Overview

CVE-2026-33330 is a broken access control vulnerability affecting FileRise, a self-hosted web file manager and WebDAV server. Prior to version 3.10.0, a flaw in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This vulnerability enables unauthorized file modification, potentially leading to data integrity compromise, malicious content injection, or further exploitation within affected environments.

Critical Impact

Authenticated attackers with minimal privileges can bypass access controls to overwrite files they are only permitted to read, replacing them with malicious content, compromising data integrity and potentially enabling further attacks.

Affected Products

  • FileRise versions prior to 3.10.0
  • FileRise installations with ONLYOFFICE integration enabled
  • Self-hosted FileRise/WebDAV deployments

Discovery Timeline

  • 2026-03-24 - CVE-2026-33330 published to NVD
  • 2026-03-26 - Last updated in NVD database

Technical Details for CVE-2026-33330

Vulnerability Analysis

This vulnerability is classified as CWE-863 (Incorrect Authorization), where the application fails to properly enforce access control checks in the ONLYOFFICE document editing integration. The core issue lies in how FileRise handles the callback mechanism used by ONLYOFFICE to save edited documents back to the server.

When a user opens a document for editing through ONLYOFFICE, FileRise generates a signed callback URL that ONLYOFFICE uses to send the modified document back to the server. The vulnerability exists because the access control validation performed when generating this signed URL does not adequately restrict users with read-only permissions from obtaining a valid save callback URL. Once an attacker with read-only access obtains this signed URL, they can craft a forged ONLYOFFICE save callback request to overwrite the target file with arbitrary content.

The attack requires network access and authentication (even with minimal privileges), but does not require user interaction, making it relatively straightforward to exploit in environments where multiple users have varying permission levels.

Root Cause

The root cause of CVE-2026-33330 is improper authorization validation within the ONLYOFFICE integration module. The application fails to differentiate between read and write permissions when generating the signed save callback URL, allowing read-only users to obtain credentials that should only be available to users with write access. This represents a classic broken access control pattern where permission checks are insufficient at a critical authorization boundary.
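To make the authorization boundary concrete, the following added Python model (not FileRise's code, and not a description of its real data structures) contrasts the pattern described above with a hardened issuer. It assumes a toy ACL, a hypothetical signing key, and a JSON-plus-HMAC token shape; all of those are constructed for the example. The vulnerable issuer hands a signed save token to anyone who can open the file, so the read-only user `bob` ends up holding a write credential; the fixed issuer only issues a token to write-capable users, binds the granted permission into the signed payload, and the save handler re-checks the ACL at the save boundary so that a leaked token cannot be replayed against a file the user cannot write.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed ACL (user -> path -> permission); not FileRise's real data model.
ACL = {
    "alice": {"/docs/report.docx": "write"},
    "bob": {"/docs/report.docx": "read"},
}

# Hypothetical server-side signing key for callback tokens (constructed value).
SECRET = b"constructed-example-secret"


def _sign(payload: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the token payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()


def _verify(token: dict) -> Optional[str]:
    """Return None if signature and expiry are acceptable, else a rejection reason."""
    payload, sig = token["payload"], token["sig"]
    if not hmac.compare_digest(_sign(payload), sig):
        return "rejected: bad signature"
    if payload["exp"] < time.time():
        return "rejected: expired"
    return None


def issue_callback_vulnerable(user: str, path: str, ttl: int = 600) -> dict:
    """Models the pre-3.10.0 pattern: being able to open the file is enough to
    receive a save token, so a read-only user obtains a credential that authorizes a write."""
    if path not in ACL.get(user, {}):
        raise PermissionError("no access to file")
    payload = {"user": user, "path": path, "exp": int(time.time()) + ttl}
    return {"payload": payload, "sig": _sign(payload)}


def save_vulnerable(token: dict, storage: dict, content: bytes) -> str:
    """Callback handler that trusts the signed token alone: the signature proves the
    server issued it, but nothing proves the holder may write."""
    reason = _verify(token)
    if reason:
        return reason
    storage[token["payload"]["path"]] = content
    return "saved"


def issue_callback_fixed(user: str, path: str, ttl: int = 600) -> Optional[dict]:
    """Hardened issuer: a save token exists only for users holding write permission,
    and the granted permission is bound into the signed payload."""
    perm = ACL.get(user, {}).get(path)
    if perm != "write":
        return None  # read-only users get a view-only session and no save callback
    payload = {"user": user, "path": path, "perm": "write", "exp": int(time.time()) + ttl}
    return {"payload": payload, "sig": _sign(payload)}


def save_fixed(token: dict, storage: dict, content: bytes) -> str:
    """Hardened handler: verify the token, require that it was issued for editing,
    then re-check the ACL at the save boundary so a leaked or stale token cannot
    outrun a permission change."""
    reason = _verify(token)
    if reason:
        return reason
    payload = token["payload"]
    if payload.get("perm") != "write":
        return "rejected: token not issued for editing"
    if ACL.get(payload["user"], {}).get(payload["path"]) != "write":
        return "rejected: no write permission"
    storage[payload["path"]] = content
    return "saved"


if __name__ == "__main__":
    store = {"/docs/report.docx": b"original"}
    tok = issue_callback_vulnerable("bob", "/docs/report.docx")
    print(save_vulnerable(tok, store, b"replaced"))          # "saved": read-only bob overwrote the file
    print(issue_callback_fixed("bob", "/docs/report.docx"))  # None: no save token for a read-only user
    print(save_fixed(tok, store, b"again"))                  # "rejected: token not issued for editing"
```

The design point is that the check must happen where the write credential is minted and again where it is consumed; signing the callback URL proves only that the server issued it, not that the holder may write.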

Attack Vector

The attack leverages the network-accessible ONLYOFFICE integration endpoint. An authenticated attacker with read-only access follows these steps:

  1. Authenticate to FileRise with a low-privileged account that has read-only access to target files
  2. Initiate a document editing session through the ONLYOFFICE integration for a target file
  3. Capture the signed save callbackUrl provided by FileRise during the editing session initialization
  4. Craft a malicious ONLYOFFICE-formatted save callback request containing attacker-controlled content
  5. Submit the forged callback request to the captured URL, bypassing access control checks
  6. The target file is overwritten with the attacker's content despite having only read permissions

For technical implementation details, refer to the GitHub Security Advisory GHSA-6c3j-f4x4-36m3.

Detection Methods for CVE-2026-33330

Indicators of Compromise

  • Unexpected file modifications by users who should only have read access
  • ONLYOFFICE callback requests originating from unusual IP addresses or user agents
  • Audit log entries showing file write operations for read-only user accounts
  • Discrepancies between expected file content and actual content on disk

Detection Strategies

  • Implement audit logging for all file write operations with user permission level tracking
  • Monitor ONLYOFFICE callback endpoints for requests from authenticated users with insufficient privileges
  • Deploy file integrity monitoring on sensitive documents to detect unauthorized modifications
  • Review application logs for save callback URL generation events correlated with read-only user sessions

Monitoring Recommendations

  • Configure alerts for file modification events by users with read-only ACL entries
  • Enable detailed request logging on ONLYOFFICE integration endpoints
  • Implement real-time monitoring for authorization failures followed by successful write operations
  • Establish baseline metrics for normal ONLYOFFICE callback patterns to identify anomalous activity
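As an added example of the detection and monitoring points above (not part of the original page and not FileRise's tooling), the Python script below runs three of those checks over a handful of constructed audit-log lines: a save callback URL issued to a read-only user, a write or save callback by a read-only user, and a save callback arriving from an address that is not the configured ONLYOFFICE document server. The JSON field names, the ACL snapshot, and the document-server allow-list are assumptions for the example; FileRise's real log layout may differ.

```python
import json
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

# Constructed ACL snapshot (user -> path -> permission); not FileRise's real data model.
ACL = {
    "alice": {"/docs/report.docx": "write"},
    "bob": {"/docs/report.docx": "read"},
}

# Hypothetical allow-list of ONLYOFFICE document-server addresses that may hit the save endpoint.
ONLYOFFICE_SERVERS = {"10.0.0.5"}

# Constructed audit lines, one JSON object per line. Field names are assumptions for this example.
SAMPLE_LOG = """\
{"ts": "2026-03-25T09:00:01Z", "user": "alice", "action": "callback_issued", "path": "/docs/report.docx", "src_ip": "198.51.100.10"}
{"ts": "2026-03-25T09:00:05Z", "user": "alice", "action": "save_callback", "path": "/docs/report.docx", "src_ip": "10.0.0.5"}
{"ts": "2026-03-25T09:10:00Z", "user": "bob", "action": "read", "path": "/docs/report.docx", "src_ip": "198.51.100.23"}
{"ts": "2026-03-25T09:10:02Z", "user": "bob", "action": "callback_issued", "path": "/docs/report.docx", "src_ip": "198.51.100.23"}
{"ts": "2026-03-25T09:10:09Z", "user": "bob", "action": "save_callback", "path": "/docs/report.docx", "src_ip": "198.51.100.23"}
"""

# (line number, rule name, user, path)
Finding = Tuple[int, str, str, str]


def parse_events(text: str) -> Iterable[Tuple[int, dict]]:
    """Yield (line number, event dict) for each non-empty JSON line."""
    for n, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if line:
            yield n, json.loads(line)


def detect(text: str,
           acl: Dict[str, Dict[str, str]] = ACL,
           servers: Set[str] = ONLYOFFICE_SERVERS) -> List[Finding]:
    """Apply the three read-only/callback rules to every event and collect findings."""
    findings: List[Finding] = []
    for n, ev in parse_events(text):
        user, path, action = ev["user"], ev["path"], ev["action"]
        perm = acl.get(user, {}).get(path)
        # Rule 1: a save callback URL was minted for a session that cannot write the file.
        if action == "callback_issued" and perm != "write":
            findings.append((n, "callback_issued_to_readonly_user", user, path))
        # Rule 2: the save endpoint was called by something other than the document server.
        if action == "save_callback" and ev["src_ip"] not in servers:
            findings.append((n, "callback_from_unexpected_source", user, path))
        # Rule 3: a write landed on disk under an identity that only holds read permission.
        if action in ("write", "save_callback") and perm != "write":
            findings.append((n, "write_by_readonly_user", user, path))
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per rule, the shape an alerting threshold would consume."""
    return Counter(rule for _, rule, _, _ in findings)


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for line_no, rule, user, path in hits:
        print(f"line {line_no}: {rule} user={user} path={path}")
    print(dict(summarize(hits)))
```

Rule 1 fires before any write happens, which is what makes the "callback URL generation correlated with read-only sessions" review useful as an early signal; rules 2 and 3 catch the overwrite itself, and together they are the kind of baseline that separates normal document-server traffic from anomalous callback activity.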

How to Mitigate CVE-2026-33330

Immediate Actions Required

  • Upgrade FileRise to version 3.10.0 or later immediately
  • Audit file access logs for any unauthorized modifications by read-only users
  • Review user permission assignments and restrict ONLYOFFICE integration access where not required
  • Consider temporarily disabling ONLYOFFICE integration until the patch is applied

Patch Information

FileRise has addressed this vulnerability in version 3.10.0. The fix implements proper authorization validation when generating save callback URLs, ensuring that only users with write permissions can obtain valid credentials for file modification callbacks.

The security patch is available through the GitHub Release v3.10.0. Detailed information about the fix can be found in the security commit 3871f9fd1661688bed4f7dd23912be0ebf50973c.

Workarounds

  • Disable ONLYOFFICE integration entirely until patching is possible
  • Restrict network access to ONLYOFFICE callback endpoints using firewall rules
  • Implement additional authentication layers for document editing functionality
  • Remove read-only user access to sensitive files that could be targeted for overwrite attacks
```bash
# Verify FileRise version after upgrade
cat /path/to/filerise/version.txt
# Expected output: 3.10.0 or higher

# Review user permissions for ONLYOFFICE integration access
# Check configuration files for integration settings
grep -r "onlyoffice" /path/to/filerise/config/
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Auth Bypass
  • Vendor/Tech: FileRise
  • Severity: HIGH
  • CVSS Score: 7.1
  • EPSS Probability: 0.01%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CWE References

  • CWE-863

Technical References

  • GitHub Release v3.10.0

Vendor Resources

  • GitHub Commit Update
  • GitHub Security Advisory GHSA-6c3j-f4x4-36m3

Related CVEs

  • CVE-2026-33477: FileRise Auth Bypass Vulnerability
  • CVE-2026-33072: FileRise Auth Bypass Vulnerability
  • CVE-2026-33070: FileRise Auth Bypass Vulnerability
  • CVE-2026-33329: FileRise Path Traversal Vulnerability