PT-2026-7168 · Unknown · Filebrowser

Fluxmux · Published 2026-02-09 · Updated 2026-03-03 · CVE-2026-25890

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.57.1

Description: File Browser offers a file management interface for tasks like uploading, deleting, previewing, renaming, and editing files within a designated directory. Before version 2.57.1, an authenticated user could circumvent the application's file path restrictions by manipulating the request URL. Specifically, adding multiple slashes (e.g., //private/) to the path causes the authorization check to miss the restricted path, while the filesystem still resolves the path correctly, potentially granting unauthorized access to restricted files. The vulnerability is a bypass of the application's "Disallow" file path rules.

Recommendations: Update to File Browser version 2.57.1 or later.
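
The mismatch the description refers to, as an added Go example (not File Browser's code or its actual fix): a prefix-based rule check applied to the raw request path, beside one that canonicalizes with `path.Clean` before comparing. The rule list, function names and sample paths are constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// disallowed is a constructed rule set standing in for "Disallow" path rules.
var disallowed = []string{"/private"}

// matchesRule reports whether p is the rule path itself or lies beneath it.
func matchesRule(p, rule string) bool {
	return p == rule || strings.HasPrefix(p, strings.TrimSuffix(rule, "/")+"/")
}

// allowedNaive compares the raw request path against the rules.
// "//private/x" does not start with "/private/", so the rule is missed
// even though the filesystem resolves both spellings to the same file.
func allowedNaive(reqPath string) bool {
	for _, r := range disallowed {
		if matchesRule(reqPath, r) {
			return false
		}
	}
	return true
}

// allowedNormalized canonicalizes the path first, so the authorization check
// sees the same path the filesystem will resolve.
func allowedNormalized(reqPath string) bool {
	clean := path.Clean("/" + reqPath)
	for _, r := range disallowed {
		if matchesRule(clean, path.Clean("/"+r)) {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample request paths.
	samples := []string{"/private/notes.txt", "//private/notes.txt",
		"/private//notes.txt", "/private-archive/readme.txt", "/public/readme.txt"}
	for _, p := range samples {
		fmt.Printf("%-30q naive=%-5v normalized=%-5v resolves=%s\n",
			p, allowedNaive(p), allowedNormalized(p), path.Clean("/"+p))
	}
}
```

The same canonical path should be the one passed on to the file operation, so the check and the access cannot diverge.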

Weakness Enumeration: Incorrect Authorization

Related Identifiers

CVE-2026-25890
GHSA-4MH3-H929-W968
GO-2026-4474
SUSE-SU-2026:0757-1

Affected Products

Filebrowser