filebrowser — Vulnerabilities & Security Advisories (31)

All 31 CVE vulnerabilities found in filebrowser, with AI-generated Chinese analysis, references, and POCs.

Vendor: filebrowser

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-35607 | File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands | CWE-269 | 8.1 | High | 2026-04-07 |
| CVE-2026-35606 | File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35605 | File Browser has an access rule bypass via HasPrefix without trailing separator in path matching | CWE-22 | 7.3 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-35604 | File Browser share links remain accessible after Share/Download permissions are revoked | CWE-863 | 4.3 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35585 | File Browser has a Command Injection via Hook Runner | CWE-78 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-34530 | File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection | CWE-79 | 6.9 | Medium | 2026-04-01 |
| CVE-2026-34528 | File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution | CWE-269 | 8.1 | High | 2026-04-01 |
| CVE-2026-34529 | File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file | CWE-79 | 7.6 | High | 2026-04-01 |
| CVE-2026-32761 | File Browser has an Authorization Policy Bypass in its Public Share Download Flow | CWE-284 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32760 | File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin | CWE-269 | 9.8 | - | 2026-03-19 |
| CVE-2026-32759 | File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely | CWE-190 | 8.1 | - | 2026-03-19 |
| CVE-2026-32758 | File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter | CWE-863 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-30934 | FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse) | CWE-79 | 8.9 | High | 2026-03-10 |
| CVE-2026-30933 | FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info | CWE-200 | 7.5 | High | 2026-03-10 |
| CVE-2026-28492 | File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory | CWE-200 | 8.1 | - | 2026-03-05 |
| CVE-2026-29188 | File Browser: TUS Delete Endpoint Bypasses Delete Permission Check | CWE-732 | 9.1 | Critical | 2026-03-05 |
| CVE-2026-27611 | FileBrowser Quantum: Password Protection Not Enforced on Shared File Links | CWE-200 | 6.5 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-25890 | File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL | CWE-706 | 8.1 | High | 2026-02-09 |
| CVE-2026-25889 | File Browser has an Authentication Bypass in User Password Update | CWE-178 | 5.4 | Medium | 2026-02-09 |
| CVE-2026-23849 | File Browser vulnerable to Username Enumeration via Timing Attack in /api/login | CWE-208 | 5.3 | Medium | 2026-01-19 |
| CVE-2025-64523 | FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function | CWE-285 | 7.1 | - | 2025-11-12 |
| CVE-2025-53826 | FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout | CWE-305 | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-53893 | File Browser Vulnerable to Uncontrolled Memory Consumption Due to Oversized File Processing | CWE-400 | 6.5 (AI) | Medium (AI) | 2025-07-15 |
| CVE-2025-52997 | File Browser Insecurely Handles Passwords | CWE-307 | 5.9 | Medium | 2025-06-30 |
| CVE-2025-52996 | File Browser's Password Protection of Links Vulnerable to Bypass | CWE-305 | 3.1 | Low | 2025-06-30 |
| CVE-2025-52995 | File Browser vulnerable to command execution allowlist bypass | CWE-77 | 8.1 | High | 2025-06-30 |
| CVE-2025-52901 | File Browser allows sensitive data to be transferred in URL | CWE-598 | 4.5 | Medium | 2025-06-30 |
| CVE-2025-52904 | File Browser: Command Execution not Limited to Scope | CWE-77 | 8.1 | High | 2025-06-26 |
| CVE-2025-52903 | File Browser Allows Execution of Shell Commands That Can Spawn Other Commands | CWE-77 | 8.1 | High | 2025-06-26 |
| CVE-2025-52902 | File Browser has Stored Cross-Site Scripting vulnerability | CWE-79 | 7.6 | High | 2025-06-26 |

All 31 known CVE vulnerabilities affecting filebrowser with full Chinese analysis, references, and POCs where available.