Privilege escalation in Filebrowser

CVE-2026-32760

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account wh…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (7.9th percentile) — read the EPSS interpretation.

Affected products

Filebrowser — versions < 2.62.0

Weakness classification (CWE)

References

https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5gg9-5g7w-hm73 (x_refsource_CONFIRM)
https://github.com/filebrowser/filebrowser/commit/a63573b67eb302167b4c4f218361a2d0c138deab (x_refsource_MISC)
https://github.com/filebrowser/filebrowser/releases/tag/v2.62.0 (x_refsource_MISC)