cbcvebase.
CVE-2026-30933
published 2026-03-10

CVE-2026-30933: FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete…

PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.54%
41.5th percentile
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable.

Affected

4 ranges
VendorProductVersion rangeFixed in
filebrowserfilebrowser<= 1.2.9
filebrowserfilebrowser
filebrowserfilebrowser
github.comgtsteffaniak_filebrowser_backend>= 0 < 0.0.0-20260307130210-09713b32a5f60.0.0-20260307130210-09713b32a5f6

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa7.1HIGH
osv7.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.