cbcvebase.

Github.Com Gtsteffaniak Filebrowser vulnerabilities

3 known vulnerabilities affecting github.com/gtsteffaniak_filebrowser.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2

Vulnerabilities

Page 1 of 1
CVE-2026-44542P2CRITICAL≥ 0, < 0.0.0-20260501183844-112740bdd41d2026-05-07
CVE-2026-44542 [CRITICAL] CWE-22 FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion ### **Summary** Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an unauthenticated attacker possessing a valid public share hash with
ghsa
CVE-2026-30934P4HIGH≥ 0, < 0.0.0-20260307130210-09713b32a5f62026-03-09
CVE-2026-30934 [HIGH] CWE-79 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse) FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse) ## Summary Stored XSS is possible via share metadata fields (e.g., `title`, `description`) that are rendered into HTML for `/public/share/` without context-aware escaping. The server uses `text/template` instead of `html/template`, allowing injected script
ghsaosv
CVE-2026-46410HIGH≥ 0, < 1.2.1-stable.0.20260514154726-1802e12811352026-05-19
CVE-2026-46410 [HIGH] CWE-200 FileBrowser Quantum: unauthenticated user share share info FileBrowser Quantum: unauthenticated user share share info ### Impact Some sensitive info -- such as source and path can get exposed. ### Patches Update to the latest version ### Workarounds no
ghsa
Github.Com Gtsteffaniak Filebrowser vulnerabilities | cvebase