Incorrect authorization in FileBrowser - #VU135765
Published: June 29, 2026
FileBrowser
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to incorrect authorization in the public share cleanup logic in storage/bolt/share.go when deleting a shared directory through a trailing-slash path. A remote user can create a public share and send an authenticated delete request for the shared directory path with a trailing slash to disclose sensitive information.
The stale public share remains dormant until a directory at the same path is recreated, after which the old public URL exposes the new directory contents without authentication.
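The following Go sketch is an added example, not FileBrowser's code: it assumes a simplified model in which share cleanup matches records by the raw request path, and contrasts that with cleanup that normalizes the path first, so a trailing slash cannot leave a share behind. The `Share` type, the function names, and the sample data are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Share is a hypothetical, simplified share record (not FileBrowser's type).
type Share struct {
	Hash string // token used in the public URL
	Path string // path the share exposes, as stored at creation
}

// normalize makes "/docs", "/docs/" and "docs/." compare equal.
func normalize(p string) string { return path.Clean("/" + p) }

// covers reports whether deleting dir also removes target.
func covers(dir, target string) bool {
	d, t := normalize(dir), normalize(target)
	return d == "/" || t == d || strings.HasPrefix(t, d+"/")
}

// cleanupExact models cleanup that compares the raw request path (assumed failure mode).
func cleanupExact(shares []Share, deleted string) []Share {
	kept := []Share{}
	for _, s := range shares {
		if s.Path != deleted {
			kept = append(kept, s)
		}
	}
	return kept
}

// cleanupNormalized drops every share on or below the deleted path.
func cleanupNormalized(shares []Share, deleted string) []Share {
	kept := []Share{}
	for _, s := range shares {
		if !covers(deleted, s.Path) {
			kept = append(kept, s)
		}
	}
	return kept
}

func main() {
	// Constructed sample data.
	shares := []Share{{"h1", "/docs"}, {"h2", "/docs/reports"}, {"h3", "/docs-old"}}
	fmt.Println(cleanupExact(shares, "/docs/"))      // all three survive
	fmt.Println(cleanupNormalized(shares, "/docs/")) // only /docs-old survives
}
```

Running the normalized comparison over existing share records against the current directory tree also identifies shares that already point at deleted paths.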