logo

Database

Improper authorization control for web services In github.com/filebrowser/filebrowser/v2

Description

File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-291882. NVD-2026-291883. OSV-2026-291884. OSV-GO-2026-46065. GHSA-79pf-vx4x-7jmm6. GCVE-2026-291887. GHSA-79pf-vx4x-7jmm

References

1. https://github.com/filebrowser/filebrowser/security/advisories/GHSA-79pf-vx4x-7jmm2. https://github.com/filebrowser/filebrowser/commit/7ed1425115be602c2b23236c410098ea2d74b42f3. https://github.com/filebrowser/filebrowser/releases/tag/v2.61.1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.