CVE-2026-32761

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges perm.download = false but granted share...

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

CVE-2026-28492

File Browser CVE-2026-28492 affects the File Browser file-management interface. Before v2.61.0, the withHashFile middleware uses filepath.Dir(link.Path) to determine BasePathFs, causing the filesystem root to be set to the parent directory of a public share rather than the share itself. This allo...

CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

GHSA-6JMM-MP6W-4RRG OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser

Impact NekoHtml Parser suffers from a denial of service vulnerability on versions 2.60.0 and below. A specifically crafted input regarding the parsing of processing instructions leads to heap memory consumption. Please update to version 2.61.0. For more information If you have any questions or...