Stored Cross-Site Scripting Vulnerability in File Browser by File Browser Team
CVE-2026-34529

7.6HIGH

Key Information:

Vendor: Filebrowser
Status: Filebrowser
Vendor: CVE Published:; 1 April 2026

🔔 Create Filebrowser Vulnerability Alert

What is CVE-2026-34529?

The File Browser application, designed for file management operations, is exposed to a stored cross-site scripting vulnerability in its EPUB preview functionality. Prior to version 2.62.2, an attacker could exploit this flaw by embedding malicious JavaScript within a crafted EPUB file. When a victim previewed the affected file, the script would execute in their browser, potentially leading to unauthorized actions or data leakage. This vulnerability has been addressed and patched in the latest release.

Affected Version(s)

filebrowser < 2.62.2

References

https://github.com/filebrowser/filebrowser/security/advis...

x_refsource_CONFIRM

https://github.com/filebrowser/filebrowser/releases/tag/v...

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34529 Data

JSON