PT-2026-56466 · Filebrowser · Filebrowser
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-55668
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N |
File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create attacker-controlled files outside the user's scope. This issue is fixed in version 2.63.16.
Fix
Path traversal
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Filebrowser