603 matches found
CVE-2026-54096 File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...
CVE-2026-54096
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...
CVE-2026-54096
File Browser exposes a vulnerability: an authenticated user can create a public share for a path that does not yet exist, and that share becomes valid later when a file is created at that path, potentially exposing future files via GET /api/public/dl/. The issue is triggered by POST /api/share/, ...
CVE-2026-55667
File Browser CVE-2026-55667 allows a scoped, non-admin user with only Create permission to delete files outside their scope during failed-upload cleanup. The issue stems from ScopedFs.RemoveAll bypassing the symlink guard that other methods enforce, with the direct-upload cleanup path invoking Re...
CVE-2026-55667
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...
CVE-2026-55667 File Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanup
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...
CVE-2026-55667 File Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanup
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...
PT-2026-52536
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description The Hook Authentication feature allows administrators to delegate login verification to an external shell command. User-supplied credentials, specifically the username and password variables, a...
PT-2026-52539
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.16 Description A scoped, non-admin user with only Create permission can delete arbitrary files outside their assigned scope, including other tenants' data and the application database. This occurs during the...
GO-2026-5055 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser...
GHSA-8C9Q-7855-WFXQ File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...
File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...
GHSA-GXJX-7M74-HCQ8 File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes \ is only a path separator on Windows. A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...
GHSA-239W-M3H6-CH8V File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
Summary File Browser enforces per-user scope with afero.NewBasePathFsafero.NewOsFs, scope, set up in users/users.go. This blocks lexical ../ traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...
GHSA-W5FM-68J4-FPC4 File Browser has a DoS Vulnerability via Public Login API
Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...
GHSA-3Q2P-72CJ-682C File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...
GHSA-5WW9-JG6Q-38R7 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...
CVE-2026-54091
creationtimestamp| type| source ---|---|--- 2026-06-06 05:55:29+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-j9jx-hp4c-ghhh...
CVE-2026-44371
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...
CVE-2026-54096
creationtimestamp| type| source ---|---|--- 2026-06-04 05:54:39+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-3q2p-72cj-682c...