CVE-2026-61874 in filebrowserИнформация

Сводка

по MITRE • 12.07.2026

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose new contents through the dormant public share URL.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

VulnCheck

Резервировать

10.07.2026

Раскрытие

12.07.2026

Модерация

принято

Вход

VDB-377867

EPSS

0.00000

KEV

Нет

Деятельности

Низкий

Источники

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!