Path Normalization Flaw in Filebrowser by Filebrowser Inc.
CVE-2026-61874
2.3LOW
What is CVE-2026-61874?
Filebrowser versions prior to 2.63.17 exhibit a path normalization vulnerability within the DeleteWithPathPrefix function. This flaw permits authenticated users to manipulate the share index by using trailing-slash paths. As a result, users can delete shared directories, only to recreate them, thereby reopening access to stale public shares, which can lead to unauthorized exposure of sensitive data through outdated URLs.
Affected Version(s)
filebrowser 0 < 2.63.17
filebrowser 2.63.17
