File Managing Interface Vulnerability in File Browser by FileBrowser
CVE-2026-35604

8.2HIGH

Key Information:

Vendor: Filebrowser
Status: Filebrowser
Vendor: CVE Published:; 7 April 2026

🔔 Create Filebrowser Vulnerability Alert

What is CVE-2026-35604?

The vulnerability in File Browser relates to improper handling of user permissions regarding file sharing. When an administrator revokes a user's share and download permissions, any existing share links created by that user remain accessible to unauthenticated users, leading to potential unauthorized access to sensitive data. The issue arises because the public share download handler does not verify the current permissions of the share owner. This security flaw can result in unintentional exposure of files even after permission changes are made. The vulnerability was remedied in version 2.63.1, which addresses these critical permission checks.

Affected Version(s)

filebrowser < 2.63.1

References

https://github.com/filebrowser/filebrowser/security/advis...

x_refsource_CONFIRM

https://github.com/filebrowser/filebrowser/pull/5888

x_refsource_MISC

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 3, 2026

CVE-2026-35604 Data

JSON