Vulnerabilities in filebrowser
38 resultsCVE-2026-32758MEDIUMFile Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination ParameterEPSS 0.4%CVE-2026-35607HIGHFile Browser: Proxy auth auto-provisioned users inherit Execute permission and CommandsEPSS 0.4%CVE-2025-64523HIGHFileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion FunctionEPSS 0.4%CVE-2026-55667HIGHFile Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanupEPSS 0.4%CVE-2026-34530MEDIUMFile Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injectionEPSS 0.4%CVE-2025-53893HIGHFile Browser Vulnerable to Uncontrolled Memory Consumption Due to Oversized File ProcessingEPSS 0.3%CVE-2026-54089CRITICALFile Browser: Authentication Bypass via Proxy Auth Header ForgeryEPSS 0.3%CVE-2026-35604HIGHFile Browser share links remain accessible after Share/Download permissions are revokedEPSS 0.3%CVE-2026-25889MEDIUMFile Browser has an Authentication Bypass in User Password UpdateEPSS 0.3%CVE-2026-54090HIGHFile Browser: Command Allowlist Bypass via Shell Metacharacter InjectionEPSS 0.3%CVE-2026-28492HIGHFile Browser: Path Traversal in Public Share Links Exposes Files Outside Shared DirectoryEPSS 0.3%CVE-2026-34529HIGHFile Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB fileEPSS 0.3%CVE-2025-52996LOWFile Browser's Password Protection of Links Vulnerable to BypassEPSS 0.3%CVE-2026-35606MEDIUMFile Browser discloses text file content via /api/resources endpoint bypassing Perm.Download checkEPSS 0.3%CVE-2025-52902HIGHFile Browser has Stored Cross-Site Scripting vulnerabilityEPSS 0.3%CVE-2025-52900MEDIUMFile Browser has Insecure File PermissionsEPSS 0.2%CVE-2026-54093MEDIUMFile Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenamesEPSS 0.2%CVE-2026-54096HIGHFile Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent PathEPSS 0.2%