Path Traversal in Gtsteffaniak Filebrowser
CVE-2026-48777
FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-contro…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Gtsteffaniak Filebrowser — versions < 1.3.3-stable, >= 1.4.0-beta, < 1.4.2-beta
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)