Excessive Password Input Vulnerability in File Browser by File Browser Team
CVE-2026-54092

6.5MEDIUM

Key Information:

Vendor

Filebrowser

Status
Filebrowser
Vendor
CVE Published:
25 June 2026

What is CVE-2026-54092?

File Browser, a file management interface, suffers from a vulnerability that allows users to submit excessively long passwords to the login API. This issue can cause significant spikes in CPU and memory usage, leading to application crashes and severe lag within any created containers. Even after a container is destroyed, users reported errors with the Docker daemon returning a status code of 500. This vulnerability has been addressed in version 2.63.6.

Affected Version(s)

filebrowser < 2.63.6

References

https://github.com/filebrowser/filebrowser/security/advis...
x_refsource_CONFIRM
https://github.com/filebrowser/filebrowser/commit/847d08b...
x_refsource_MISC
https://github.com/filebrowser/filebrowser/releases/tag/v...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.