Administrator Account Creation Vulnerability in File Browser by FileBrowser
CVE-2026-32760
What is CVE-2026-32760?
CVE-2026-32760 is a serious vulnerability in File Browser, an open-source web interface for managing files and directories. It affects versions 2.61.2 and earlier: the self-registration (signup) feature lets unauthenticated users create accounts, and those accounts receive the configured default user permissions. When signup is enabled and the defaults include the admin permission, every self-registered account is a full administrator. An adversary who can reach the public registration endpoint can therefore register an administrator account without holding any credentials and take complete control of the instance. Both conditions are required; an instance with signup disabled, or with admin removed from the new-user defaults, does not expose this path.
The implications are severe for any organization that relies on File Browser to manage sensitive files. If exploited, the flaw gives an attacker access to every file the instance can reach, the ability to modify or delete that data, and control over user accounts, permissions, and server settings. It also underscores a wider lesson for applications that offer self-registration: the permissions granted to a new account are part of the attack surface, and a default that hands out administrative rights must be treated as an unauthenticated privilege grant.
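The advisory's precondition is a configuration state (signup enabled and admin included in the new-user defaults), so the practical check is an audit of the instance's settings. The script below is an added example, not code from the File Browser project or from this advisory. It assumes the JSON layout written by `filebrowser config export` (a top-level `settings` object with a `signup` flag and `defaults.perm.admin`); confirm those keys against your own export before relying on it. The sample document is constructed for the example and is not a real export.

```python
"""Audit a File Browser settings export for the CVE-2026-32760 precondition.

Added example. Flags the combination the advisory describes: self-registration
enabled while the default permission set for new users includes admin. The
key layout ("settings" -> "signup", "settings" -> "defaults" -> "perm" ->
"admin") is an assumption modelled on `filebrowser config export` output.
"""
import copy
import json

# Constructed sample in the assumed export shape; only the keys the audit reads
# are meaningful here. This is NOT a real export from a File Browser instance.
SAMPLE_EXPORT = json.loads("""
{
  "settings": {
    "signup": true,
    "createUserDir": false,
    "defaults": {
      "scope": ".",
      "locale": "en",
      "perm": {
        "admin": true,
        "create": true,
        "delete": true,
        "download": true,
        "execute": false,
        "modify": true,
        "rename": true,
        "share": true
      }
    }
  },
  "server": {"address": "127.0.0.1", "port": 8080},
  "auther": {}
}
""")


def _settings(export: dict) -> dict:
    """Accept a full export ({"settings": {...}, ...}) or a bare settings object."""
    return export.get("settings", export)


def assess(export: dict) -> dict:
    """Report the two preconditions and whether together they expose the instance."""
    s = _settings(export)
    signup = bool(s.get("signup", False))
    perm = s.get("defaults", {}).get("perm", {})
    admin = bool(perm.get("admin", False))
    findings = []
    if signup:
        findings.append("self-registration (signup) is enabled")
    if admin:
        findings.append("default permissions for new users include admin")
    return {
        "signup": signup,
        "default_admin": admin,
        # Unauthenticated admin creation needs both: an open signup endpoint
        # and defaults that hand the admin bit to every new account.
        "exposed": signup and admin,
        "findings": findings,
    }


def harden(export: dict) -> dict:
    """Return a copy with signup disabled and admin removed from new-user defaults.

    Either change alone closes the path described in the advisory; applying
    both means neither setting silently depends on the other staying put.
    """
    fixed = copy.deepcopy(export)
    s = _settings(fixed)
    s["signup"] = False
    s.setdefault("defaults", {}).setdefault("perm", {})["admin"] = False
    return fixed


def audit_file(path: str) -> dict:
    """Load a `filebrowser config export` JSON file from disk and assess it."""
    with open(path, encoding="utf-8") as fh:
        return assess(json.load(fh))


if __name__ == "__main__":
    import sys
    report = audit_file(sys.argv[1]) if len(sys.argv) > 1 else assess(SAMPLE_EXPORT)
    for line in report["findings"]:
        print("warning:", line)
    print("EXPOSED" if report["exposed"] else "not exposed", "to CVE-2026-32760 via signup")
```

Run it against a file produced by `filebrowser config export settings.json`, or with no argument to see the verdict for the constructed sample. If the instance is exposed, the immediate mitigation is to turn signup off (`filebrowser config set --signup=false`) and drop admin from the defaults (`filebrowser config set --perm.admin=false`); check both flags against `filebrowser config set --help` for your installed version. Changing defaults does not touch accounts that already exist, so also list users (`filebrowser users ls`) and remove any administrator created while signup was open, then upgrade to 2.62.0 or later.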
Potential Impact of CVE-2026-32760
- Unauthorized Administrative Access: any unauthenticated user can register as an administrator, gaining unrestricted access to all files, user accounts, and server configuration. This is the primary risk and can lead directly to data breaches and unauthorized changes.
- Data Compromise and Integrity Risks: with administrative privileges, an attacker can read, modify, delete, or corrupt files within the instance's scope, causing loss of critical data and disruption of the services that depend on it.
- System Manipulation and Further Attacks: an attacker who holds an administrator account can create additional accounts, change other users' permissions, exfiltrate sensitive information, and use the file store to stage malware or other tooling, widening the attack surface of the affected organization.
Affected Version(s)
filebrowser < 2.62.0
