Copyparty Missing Permission Check in Shares Feature via FTP/SFTP

Vulnerability

A vulnerability exists in Copyparty versions prior to 1.20.12, where a missing permission check in the shares feature allows unauthorized access to files. This issue arises when the shares feature is used to share a single file within a folder, and either the FTP or SFTP server is publicly accessible. Under these conditions, users can read other files in the shared folder by guessing or brute-forcing filenames, although subdirectory files are not accessible. This vulnerability is akin to CVE-2025-58753, which was addressed for HTTP and HTTPS but not for FTP.
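The missing check described above, modelled as an added example (this is not Copyparty's code): a share naming one file in a folder is resolved once with only a folder-containment check and once with the per-file check as well. The `Share` class, the function names and the sample paths are hypothetical and constructed for illustration.

```python
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Share:
    """Constructed model of a share: a folder plus the file names the owner shared."""
    folder: str          # e.g. "/pub"
    files: frozenset     # names explicitly shared from that folder


def _split(share, requested):
    """Normalise a client-supplied path; return (parent, name) or None."""
    path = posixpath.normpath(posixpath.join(share.folder, requested.lstrip("/")))
    parent, name = posixpath.split(path)
    return (parent, name) if name else None


def resolve_vulnerable(share, requested):
    """Only checks that the target sits directly inside the shared folder."""
    parts = _split(share, requested)
    if parts is None or parts[0] != share.folder:
        return None                    # subdirectories and traversal are rejected
    return posixpath.join(*parts)      # flaw: sibling files resolve as well


def resolve_fixed(share, requested):
    """Same containment check, plus the per-file permission check."""
    parts = _split(share, requested)
    if parts is None or parts[0] != share.folder:
        return None
    if parts[1] not in share.files:
        return None                    # not one of the files that were shared
    return posixpath.join(*parts)


def compare(share, names):
    """Map each requested name to (vulnerable result, fixed result)."""
    return {n: (resolve_vulnerable(share, n), resolve_fixed(share, n)) for n in names}


if __name__ == "__main__":
    # Constructed sample: one shared file, one sibling, one file in a subdirectory.
    demo = Share("/pub", frozenset({"report.pdf"}))
    for name, result in compare(demo, ["report.pdf", "notes.txt", "sub/a.txt"]).items():
        print(name, result)
```
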

Impact

Exploitation of this vulnerability could lead to unauthorized read access to files in the shared folder via FTP or SFTP.

Remediation

Users can upgrade to Copyparty version 1.20.12 or later to address this vulnerability.

Added: Mar 11, 2026, 9:42 PM
Updated: Mar 11, 2026, 9:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 6.3
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.