CVE-2026-30933
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0007
Percentile
0,2th
Updated
EPSS Score Trend (Last 6 Days)
200
Exposure of Sensitive Information to an Unauthorized Actor
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Mobile, Not Technology-Specific, Web Based
306
Missing Authentication for Critical Function
DraftCommon Consequences
Security Scopes Affected:
Access Control
Other
Potential Impacts:
Gain Privileges Or Assume Identity
Varies By Context
Applicable Platforms
Technologies:
Cloud Computing, ICS/OT
602
Client-Side Enforcement of Server-Side Security
DraftCommon Consequences
Security Scopes Affected:
Access Control
Availability
Potential Impacts:
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies:
ICS/OT, Mobile
https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.2.2-stable
https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.3.1-beta
https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-525j-95gf-…