github.com/filebrowser/filebrowser/v2 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-54090Highgithub.com/filebrowser/filebrowser/v2: File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter InjectionCVE-2026-54091Highgithub.com/filebrowser/filebrowser/v2: File Browser has incorrect access control for public directory shares via rule path rebasingCVE-2026-54093Mediumgithub.com/filebrowser/filebrowser/v2: File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in…CVE-2026-54094Mediumgithub.com/filebrowser/filebrowser/v2: File Browser: Symlink following lets scoped users read, overwrite, and share files outside their…CVE-2026-54092Highgithub.com/filebrowser/filebrowser/v2: File Browser has a DoS Vulnerability via Public Login APICVE-2026-54096Highgithub.com/filebrowser/filebrowser/v2: File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent PathCVE-2026-54097Highgithub.com/filebrowser/filebrowser: File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in…CVE-2026-35607Highgithub.com/filebrowser/filebrowser/v2: File Browser: Proxy auth auto-provisioned users inherit Execute permission and CommandsCVE-2026-35606Mediumgithub.com/filebrowser/filebrowser/v2: File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download checkCVE-2026-35604Highgithub.com/filebrowser/filebrowser/v2: File Browser share links remain accessible after Share/Download permissions are revokedCVE-2026-35605Mediumgithub.com/filebrowser/filebrowser/v2: File Browser has an access rule bypass via HasPrefix without trailing separator in path matchingCVE-2026-35585Highgithub.com/filebrowser/filebrowser/v2: File Browser has a Command Injection via Hook RunnerCVE-2026-34530Mediumgithub.com/filebrowser/filebrowser/v2: File Browser vulnerable to Stored Cross-site Scripting via text/template branding injectionCVE-2026-34528Highgithub.com/filebrowser/filebrowser/v2: File Browser's Signup Grants Execution Permissions When Default Permissions Includes ExecutionCVE-2026-34529Highgithub.com/filebrowser/filebrowser/v2: File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB fileCVE-2026-32758Mediumgithub.com/filebrowser/filebrowser/v2: File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination ParameterCVE-2026-32760Criticalgithub.com/filebrowser/filebrowser/v2: File Browser Signup Grants Admin When Default Permissions Include AdminCVE-2026-32759Mediumgithub.com/filebrowser/filebrowser/v2: File Browser TUS Negative Upload-Length Fires Post-Upload Hooks PrematurelyCVE-2026-29188Criticalgithub.com/filebrowser/filebrowser/v2: File Browser's TUS Delete Endpoint Bypasses Delete Permission CheckCVE-2026-28492Highgithub.com/filebrowser/filebrowser/v2: FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared DirectoryCVE-2026-25890Highgithub.com/filebrowser/filebrowser/v2: File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URLCVE-2026-25889Mediumgithub.com/filebrowser/filebrowser/v2: File Browser has an Authentication Bypass in User Password UpdateCVE-2026-23849Mediumgithub.com/filebrowser/filebrowser: File Browser Vulnerable to Username Enumeration via Timing Attack in /api/loginGHSA-6JQF-MV7M-3Q7PCriticalgithub.com/filebrowser/filebrowser/v2: File Browser has risk of HTTP Request/Response smuggling through vulnerable dependencyCVE-2025-64523Highgithub.com/filebrowser/filebrowser/v2: File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Stop the waste.
Protect your environment with Kodem.