4 matches found
GO-2026-4606 File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser...
CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create...
CVE-2026-29188
CVE-2026-29188 concerns File Browser’s TUS protocol DELETE endpoint, where prior to v2.61.1 broken access control allowed authenticated users with only Create permission to delete arbitrary files/directories within their scope. The issue affects multi-user deployments with restricted deletion per...
GHSA-79PF-VX4X-7JMM File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
Summary A broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrato...