Main Vulnerability Database Vulnerabilities #VU133486

Incorrect authorization in FileBrowser - #VU133486

Published: June 8, 2026

Vulnerability identifier: #VU133486

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-863

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: File Browser

Affected software:
FileBrowser

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper access control in public share handlers when processing requests for files and subdirectories beneath a shared directory using rebased relative paths. A remote attacker can request a specially crafted public share path to disclose sensitive information.

No authenticated session is required if the public share is not password protected.

Remediation

Install security update from vendor's website.

Sources

https://github.com/filebrowser/filebrowser/security/advisories/GHSA-j9jx-hp4c-ghhh

Incorrect authorization in FileBrowser - #VU133486

Detailed vulnerability description

Remediation

Sources

Please verify you're human