PT-2026-57558 · Unknown · Filebrowser

Davidcarliez

+1

·

Published

2026-07-12

·

Updated

2026-07-12

·

CVE-2026-61874

CVSS v3.1

3.1

Low

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions filebrowser versions prior to 2.63.17
Description Authenticated users can leave stale public shares behind because the software fails to normalize paths before querying the share index in the DeleteWithPathPrefix() function. An attacker can delete a shared directory by using a path with a trailing slash and subsequently recreate the directory to expose new contents via the dormant public share URL.
Recommendations Update to version 2.63.17 or later.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61874

Affected Products

Filebrowser