VDB
GO-2026-4474
GO-2026-4474
PUBLISHED
File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | filebrowser/filebrowser/v2 | 0, 0 |
| github.com | filebrowser/filebrowser | 0, 0 |
Timeline
- Feb 17, 2026 CVE Published
- Feb 19, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/filebrowser/filebrowser/security/advisories/GHSA-4mh3-h929-w968 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-25890 advisory
- https://github.com/filebrowser/filebrowser/commit/489af403a19057f6b6b4b1dc0e48cbb26a202ef9 patch
- https://github.com/filebrowser/filebrowser/releases/tag/v2.57.1 url