Description

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without the password. Versions 1.1.3-stable and 1.2.6-beta fix the issue.

INFO

Published Date :

2026-02-25T02:24:48.357Z

Last Modified :

2026-02-27T17:11:18.122Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27611 vulnerability.

Vendors Products
Gtsteffaniak
  • Filebrowser
  • Filebrowser Quantum
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27611.

URL Resource
https://github.com/gtsteffaniak/filebrowser/commit/c51b0ee9738fa4599b409f47c5bf820ef31b4fe1 cve-icon cve-icon
https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-8vrh-3pm2-v4v6 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact