CVE-2026-34528 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2…
High CVSS: 8.1

CVE-2026-34528

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Apply(user), then strips only Admin. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side execution, and set Execute=true in the default user template, any unauthenticated user who self-registers inherits shell execution capabilities and can run arbitrary commands on the server. This issue has been patched in version 2.62.2.
Vendor
Filebrowser
Product
Filebrowser
CWE
CWE-269
Yayın Tarihi
2026-04-01 21:17:00
Güncelleme
2026-04-06 20:41:19
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-269 Filebrowser HIGH Filebrowser 2026

Referanslar

https://github.com/filebrowser/filebrowser/releases/tag/v2.62.2 https://github.com/filebrowser/filebrowser/security/advisories/GHSA-x8jc-jvqm-pm3f https://github.com/filebrowser/filebrowser/security/advisories/GHSA-x8jc-jvqm-pm3f