filebrowser

Top products

The 15 most recently published vulnerabilities affecting filebrowser.

• CVE-2026-35607File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands8.1Apr 7, 2026
• CVE-2026-35606File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check7.5Apr 7, 2026
• CVE-2026-35605File Browser has an access rule bypass via HasPrefix without trailing separator in path matching7.5Apr 7, 2026
• CVE-2026-35604File Browser share links remain accessible after Share/Download permissions are revoked8.1Apr 7, 2026
• CVE-2026-35585File Browser has a Command Injection via Hook Runner7.2Apr 7, 2026
• CVE-2026-34530File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection6.9Apr 1, 2026
• CVE-2026-34528File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution8.1Apr 1, 2026
• CVE-2026-34529File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file7.6Apr 1, 2026
• CVE-2026-32761File Browser has an Authorization Policy Bypass in its Public Share Download Flow6.5Mar 19, 2026
• CVE-2026-32760File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin9.8Mar 19, 2026
• CVE-2026-32759File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely8.1Mar 19, 2026
• CVE-2026-32758File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter6.5Mar 19, 2026
• CVE-2026-30934FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)8.9Mar 10, 2026
• CVE-2026-30933FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info7.5Mar 10, 2026
• CVE-2026-29188File Browser: TUS Delete Endpoint Bypasses Delete Permission Check9.1Mar 5, 2026