2 matches found
CVE-2026-54094 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...
Fedora 42 : scitokens-cpp (2026-a6d1791c49)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a6d1791c49 advisory.
- Fix scope path boundary validation to deny sibling-prefix authorization bypasses
- Reject parent-directory traversal in scope paths, including encoded...