CVE-2026-61874 in filebrowserالمعلومات

الملخص

بحسب MITRE • 12/07/2026

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose new contents through the dormant public share URL.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

مسؤول

VulnCheck

حجز

10/07/2026

إفشاء

12/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377867

EPSS

0.00000

KEV

لا

النشاطات

منخفض

المصادر

Do you want to use VulDB in your project?

Use the official API to access entries easily!