CNNVD-202602-1261 Information

Feb 09, 2026 cve

CNNVD ID

CNNVD-202602-1261

CVE-2026-25890

CNNVD Published: 2026-02-09

Description (Chinese)

File Browser是File Browser开源的一个文件管理界面，在指定的目录，它可以用来上传，删除，预览和编辑文件。 File Browser 2.57.1之前版本存在安全漏洞，该漏洞源于可通过修改请求URL绕过文件路径规则，可能导致未经授权访问受限文件。

Description (English)

File Browner, a file management interface open to File Browner, is a specified directory that can be used to upload, delete, preview and edit files. There was a security loophole in the pre-File Browner 2.571 version, which stemmed from the possibility of circumventing the file path rules by modifying the request URL, which could lead to unauthorized access to restricted documents.

Vulnerability Type

其他

Affected Vendor

File Browser

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/filebrowser/filebrowser/releases/tag/v2.57.1 https://github.com/filebrowser/filebrowser/security/advisories/GHSA-4mh3-h929-w968 https://github.com/filebrowser/filebrowser/commit/489af403a19057f6b6b4b1dc0e48cbb26a202ef9 https://cxsecurity.com/issue/WLB-2026020025 https://access.redhat.com/security/cve/cve-2026-25890

Patch

https://filebrowser.org/

Share on: