Lucene search
K

4 matches found

OSV
OSV
added 2026/03/10 6:28 p.m.4 views

GO-2026-4606 File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser

File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser...

9.1CVSS5.8AI score0.00487EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/05 8:57 p.m.30 views

CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create...

9.1CVSS0.00487EPSS
Exploits1References3
CVE
CVE
added 2026/03/05 8:57 p.m.27 views

CVE-2026-29188

CVE-2026-29188 concerns File Browser’s TUS protocol DELETE endpoint, where prior to v2.61.1 broken access control allowed authenticated users with only Create permission to delete arbitrary files/directories within their scope. The issue affects multi-user deployments with restricted deletion per...

9.1CVSS5.9AI score0.00487EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/04 10:38 p.m.5 views

GHSA-79PF-VX4X-7JMM File Browser's TUS Delete Endpoint Bypasses Delete Permission Check

Summary A broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrato...

9.1CVSS6.2AI score0.00487EPSS
Exploits1References5
Rows per page
Query Builder