Symlink Vulnerability in File Browser by Filebrowser
CVE-2026-55668
6.3MEDIUM
What is CVE-2026-55668?
File Browser, a web-based file management system, has a security flaw that allows authenticated users with Create and Modify permissions to exploit dangling symlinks. Prior to version 2.63.16, the ScopedFs mechanism validates the nearest existing ancestor of a dangling symlink during file creation. This can lead to attackers being able to create and control files outside of their designated scopes, thereby compromising the security and integrity of the file system. This vulnerability was addressed in version 2.63.16.
Affected Version(s)
filebrowser < 2.63.16
