Symlink Vulnerability in File Browser by Filebrowser
CVE-2026-55668

6.3MEDIUM

Key Information:

Vendor
CVE Published:
8 July 2026

What is CVE-2026-55668?

File Browser, a web-based file management system, has a security flaw that allows authenticated users with Create and Modify permissions to exploit dangling symlinks. Prior to version 2.63.16, the ScopedFs mechanism validates the nearest existing ancestor of a dangling symlink during file creation. This can lead to attackers being able to create and control files outside of their designated scopes, thereby compromising the security and integrity of the file system. This vulnerability was addressed in version 2.63.16.

Affected Version(s)

filebrowser < 2.63.16

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.