PT-2026-56466 · Filebrowser · Filebrowser

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-55668

CVSS v3.1

6.3

Medium

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create attacker-controlled files outside the user's scope. This issue is fixed in version 2.63.16.

Fix

Path traversal

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55668

Affected Products

Filebrowser