3 matches found
CVE-2026-34528
CVE-2026-34528 — File Browser : Multiple sources confirm that prior to version 2.62.2, the signupHandler copies all default permissions and only strips Admin, leaving Execute and Commands intact. If signup is enabled and Execute=true with default commands, an unauthenticated self-registered user ...
CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34528
creationtimestamp| type| source ---|---|--- 2026-03-28 19:03:25+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-x8jc-jvqm-pm3f 2026-03-28 19:03:25+00:00| published-proof-of-concept|...