Description

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. This vulnerability is fixed in 2.63.1.

INFO

Published Date :

2026-04-07T16:22:51.557Z

Last Modified :

2026-04-07T18:26:43.881Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35604 vulnerability.

Vendors Products
Filebrowser
  • Filebrowser
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35604.

URL Resource
https://github.com/filebrowser/filebrowser/pull/5888 cve-icon cve-icon
https://github.com/filebrowser/filebrowser/security/advisories/GHSA-v9w4-gm2x-6rvf cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability