Arbitrary File Write Vulnerability in File Browser by FileBrowser
CVE-2026-54093

6.8 MEDIUM

Key Information:

Vendor
CVE Published: 25 June 2026

What is CVE-2026-54093?

File Browser, a file management interface, does not sanitize backslashes in file names, which allows Windows-style path traversal. On Linux systems this can lead to arbitrary file write when a user downloads and extracts a specially crafted ZIP or TAR file. The application processes Linux file paths correctly, but because backslashes are not sanitized, files can be extracted outside the designated directory. Users should upgrade to version 2.63.6 to remediate this vulnerability.
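
The check that is missing in the description above, written as an added example; it is not File Browser's own code or its patch. The helper name SafeEntryName and the sample names are hypothetical, and the sketch assumes that treating every backslash as a path separator is acceptable for the archive being built or extracted.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrUnsafeEntry marks an entry name that would leave the extraction root.
var ErrUnsafeEntry = errors.New("unsafe archive entry name")

// SafeEntryName (hypothetical helper) normalizes a ZIP/TAR entry name.
// Backslashes are converted to forward slashes BEFORE the traversal check,
// so `..\..\x` is judged exactly like `../../x`. A stricter policy would
// reject any name containing a backslash instead of converting it.
func SafeEntryName(name string) (string, error) {
	n := strings.ReplaceAll(name, `\`, "/")
	if n == "" || strings.HasPrefix(n, "/") {
		return "", ErrUnsafeEntry // empty or absolute path
	}
	// Deliberately strict: anything shaped like a drive prefix ("C:/") is refused.
	if len(n) >= 2 && n[1] == ':' {
		return "", ErrUnsafeEntry
	}
	clean := path.Clean(n) // collapses "a/../b" and similar sequences
	if clean == "." || clean == ".." || strings.HasPrefix(clean, "../") {
		return "", ErrUnsafeEntry
	}
	return clean, nil
}

func main() {
	// Constructed sample names, not taken from a real archive.
	samples := []string{`docs/a.txt`, `docs\a.txt`, `..\..\etc\x`, `a\..\..\b`, `/abs`, `C:\x`}
	for _, n := range samples {
		out, err := SafeEntryName(n)
		fmt.Printf("%-14q -> %q err=%v\n", n, out, err)
	}
}
```

The same function can be applied when writing entry names into a download archive or when reading them back before extraction.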

Affected Version(s)

filebrowser < 2.63.6

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved