Improper Input Validation in File Browser Product by File Browser
CVE-2026-54096

8.4HIGH

Key Information:

Vendor: Filebrowser
Status: Filebrowser
Vendor: CVE Published:; 25 June 2026

🔔 Create Filebrowser Vulnerability Alert

What is CVE-2026-54096?

The vulnerability in File Browser allows an authenticated user to create a public share record for an arbitrary file path without confirming the target file's existence. This security oversight means that when a file is later created at that path, the public share becomes immediately valid, exposing the new file without proper authorization through a public download link. This issue has been addressed in version 2.63.7.

Affected Version(s)

filebrowser < 2.63.7

References

https://github.com/filebrowser/filebrowser/security/advis...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 11, 2026

CVE-2026-54096 Data

JSON