Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-30230

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing thumbnail access without the password. This issue has been patched in version 1.7.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.0%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-30230
  • Flintsh » Flare » Version: 1.0.0
    cpe:2.3:a:flintsh:flare:1.0.0
  • Flintsh » Flare » Version: 1.1.0
    cpe:2.3:a:flintsh:flare:1.1.0
  • Flintsh » Flare » Version: 1.1.1
    cpe:2.3:a:flintsh:flare:1.1.1
  • Flintsh » Flare » Version: 1.2.0
    cpe:2.3:a:flintsh:flare:1.2.0
  • Flintsh » Flare » Version: 1.2.1
    cpe:2.3:a:flintsh:flare:1.2.1
  • Flintsh » Flare » Version: 1.3.0
    cpe:2.3:a:flintsh:flare:1.3.0
  • Flintsh » Flare » Version: 1.3.1
    cpe:2.3:a:flintsh:flare:1.3.1
  • Flintsh » Flare » Version: 1.4.0
    cpe:2.3:a:flintsh:flare:1.4.0
  • Flintsh » Flare » Version: 1.4.1
    cpe:2.3:a:flintsh:flare:1.4.1
  • Flintsh » Flare » Version: 1.4.2
    cpe:2.3:a:flintsh:flare:1.4.2
  • Flintsh » Flare » Version: 1.5.0
    cpe:2.3:a:flintsh:flare:1.5.0
  • Flintsh » Flare » Version: 1.5.1
    cpe:2.3:a:flintsh:flare:1.5.1
  • Flintsh » Flare » Version: 1.5.2
    cpe:2.3:a:flintsh:flare:1.5.2
  • Flintsh » Flare » Version: 1.6.0
    cpe:2.3:a:flintsh:flare:1.6.0
  • Flintsh » Flare » Version: 1.6.1
    cpe:2.3:a:flintsh:flare:1.6.1
  • Flintsh » Flare » Version: 1.6.2
    cpe:2.3:a:flintsh:flare:1.6.2
  • Flintsh » Flare » Version: 1.7.0
    cpe:2.3:a:flintsh:flare:1.7.0
  • Flintsh » Flare » Version: 1.7.1
    cpe:2.3:a:flintsh:flare:1.7.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved