44 matches found
File Browser has incorrect access control for public directory shares via rule path rebasing
Summary File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope. As a result, a...
GHSA-J9JX-HP4C-GHHH File Browser has incorrect access control for public directory shares via rule path rebasing
Summary File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope. As a result, a...
File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...
GHSA-3Q2P-72CJ-682C File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...
PT-2026-49068
Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...
PT-2026-49064
Summary File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope. As a result, a...
FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory
Summary publicPatchHandler in backend/http/public.go joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversa...
GHSA-QQQM-5547-774X FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory
Summary publicPatchHandler in backend/http/public.go joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversa...
CVE-2026-44542
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an...
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an...
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an...
CVE-2026-44542
CVE-2026-44542 affects FileBrowser Quantum. An attacker-controlled path input is joined with a trusted base path before sanitization, enabling path traversal (e.g., ../) to escape the shared directory. An unauthenticated attacker with a valid public share hash that has delete permissions can dele...
GHSA-MMPX-JH39-WRV6 FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header)
Summary FileBrowser Quantum serves inline SVG files without a Content-Security-Policy header, allowing embedded JavaScript in SVG files to execute when accessed via public share links. Verified on v1.3.0-stable. Affected product - Product: FileBrowser Quantum gtsteffaniak/filebrowser - Verified...
FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion
Summary Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an unauthenticated attacker possessing a valid public share hash with delete permissions enabled can delete...
GHSA-FWJ3-42WH-8673 FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion
Summary Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an unauthenticated attacker possessing a valid public share hash with delete permissions enabled can delete...
PT-2026-38413
Name of the Vulnerable Software and Affected Versions FileBrowser Quantum versions prior to 1.3.1-stable FileBrowser Quantum versions prior to 1.3.9-beta Description Attacker-controlled path input is joined with a trusted base path before sanitization, enabling the use of traversal sequences such...
CVE-2026-6568 kodcloud KodExplorer Public Share share.class.php initShareOld path traversal
A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...
CVE-2026-6568
Kodcloud KodExplorer
CVE-2026-35604
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...
CVE-2026-4830 kalcaddle kodbox Public Share userShare.class.php add privilege escalation
A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is...