GHSA-525J-95GF-766F FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
Summary The remediation for CVE-2026-27611 appears incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info in docker image gtstef/filebrowser:1.3.1-webdav-2. Details The issue stems from two flaws: 1. Tokenized download URLs are written into the...