Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

filebrowser — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting filebrowser. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by filebrowser:filebrowser
CVE IDTitleCVSSSeverityPublished
CVE-2026-35607 File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands — filebrowserCWE-269 8.1 High2026-04-07
CVE-2026-35606 File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check — filebrowserCWE-862 6.5AIMediumAI2026-04-07
CVE-2026-35605 File Browser has an access rule bypass via HasPrefix without trailing separator in path matching — filebrowserCWE-22 7.3AIHighAI2026-04-07
CVE-2026-35604 File Browser share links remain accessible after Share/Download permissions are revoked — filebrowserCWE-863 4.3AIMediumAI2026-04-07
CVE-2026-35585 File Browser has a Command Injection via Hook Runner — filebrowserCWE-78 8.8AIHighAI2026-04-07
CVE-2026-34530 File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection — filebrowserCWE-79 6.9 Medium2026-04-01
CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution — filebrowserCWE-269 8.1 High2026-04-01
CVE-2026-34529 File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file — filebrowserCWE-79 7.6 High2026-04-01
CVE-2026-32761 File Browser has an Authorization Policy Bypass in its Public Share Download Flow — filebrowserCWE-284 6.5 Medium2026-03-19
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin — filebrowserCWE-269 9.8 -2026-03-19
CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely — filebrowserCWE-190 8.1 -2026-03-19
CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter — filebrowserCWE-863 6.5 Medium2026-03-19
CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory — filebrowserCWE-200 8.1 -2026-03-05
CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check — filebrowserCWE-732 9.1 Critical2026-03-05
CVE-2026-25890 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL — filebrowserCWE-706 8.1 High2026-02-09
CVE-2026-25889 File Browser has an Authentication Bypass in User Password Update — filebrowserCWE-178 5.4 Medium2026-02-09
CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login — filebrowserCWE-208 5.3 Medium2026-01-19
CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function — filebrowserCWE-285 7.1 -2025-11-12
CVE-2025-53826 FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout — filebrowserCWE-305 9.8AICriticalAI2025-07-15
CVE-2025-53893 File Browser Vulnerable to Uncontrolled Memory Consumption Due to Oversized File Processing — filebrowserCWE-400 6.5AIMediumAI2025-07-15
CVE-2025-52997 File Browser Insecurely Handles Passwords — filebrowserCWE-307 5.9 Medium2025-06-30
CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass — filebrowserCWE-305 3.1 Low2025-06-30
CVE-2025-52995 File Browser vulnerable to command execution allowlist bypass — filebrowserCWE-77 8.1 High2025-06-30
CVE-2025-52901 File Browser allows sensitive data to be transferred in URL — filebrowserCWE-598 4.5 Medium2025-06-30
CVE-2025-52904 File Browser: Command Execution not Limited to Scope — filebrowserCWE-77 8.1 High2025-06-26
CVE-2025-52903 File Browser Allows Execution of Shell Commands That Can Spawn Other Commands — filebrowserCWE-77 8.1 High2025-06-26
CVE-2025-52902 File Browser has Stored Cross-Site Scripting vulnerability — filebrowserCWE-79 7.6 High2025-06-26
CVE-2025-52900 File Browser has Insecure File Permissions — filebrowserCWE-276 5.5 Medium2025-06-26

This page lists every published CVE security advisory associated with filebrowser. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.