CVE-2026-54090
Summary (CVE-2026-54090) : File Browser before version 2.33.8 is vulnerable to a command allowlist bypass when a shell interpreter is configured (e.g., /bin/sh -c). The allowlist checks only the first token, but the full raw input is passed to the shell, allowing metacharacters (semicolon, pipe, ...