cvebase

Gtsteffaniak Filebrowser vulnerabilities

3 known vulnerabilities affecting gtsteffaniak/filebrowser.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2

Vulnerabilities

CVE-2026-44542 | P2 | CRITICAL | CVSS 9.1 | fixed in 1.3.3-stable | v >= 1.4.0-beta, < 1.4.2-beta | 2026-05-14
CVE-2026-44542 [CRITICAL] CWE-22: FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an unauthenticated attacker possessing a valid public share
nvd
CVE-2026-27611 | P3 | MEDIUM | CVSS 6.5 | v >= 1.3.0-beta, < 1.3.1-beta | v >= 1.2.6-beta, < 1.2.2-stable | +1 more | 2026-02-25
CVE-2026-27611 [MEDIUM] CWE-200: FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link in the details of the share, which is accessible to any
nvd
CVE-2026-30934 | P4 | MEDIUM | CVSS 5.4 | v >= 1.3.0-beta, < 1.3.1-beta | fixed in 1.2.2-stable | 2026-03-10
CVE-2026-30934 [MEDIUM] CWE-79: FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execut
nvd