cbcvebase.
CVE-2026-34529
published 2026-04-01

CVE-2026-34529: File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version…

PriorityP344critical9CVSS 3.1
AVNACLPRLUIRSCCHIHAH
EPSS
0.32%
23.8th percentile
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. This issue has been patched in version 2.62.2.

Affected

2 ranges
VendorProductVersion rangeFixed in
filebrowserfilebrowser< 2.62.22.62.2
github.comfilebrowser_filebrowser_v2>= 0 < 2.62.22.62.2

CVSS provenance

nvdv3.19.0CRITICALCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
ghsa4.8MEDIUM
osv4.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.