What is CVE-2026-54088?

CVE-2026-54088 is a vulnerability in Filebrowser, classified under OS Command Injection. Published 2026-06-25.

Is CVE-2026-54088 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Filebrowser

CVE-2026-54088

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate log…

Vulnerability class: Command Injection (OS Command Injection)

Affected products

Filebrowser — versions < 2.63.6

Weakness classification (CWE)

CWE-78 — OS Command Injection
CWE-88 — Argument Injection
CWE-306 — Missing Authentication for Critical Function

Public proof-of-concept exploits

Saku0512/CVE-2026-54088-poc

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-54088?: CVE-2026-54088 is a vulnerability in Filebrowser, classified under OS Command Injection. Published 2026-06-25.
Is CVE-2026-54088 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.