CVE-2026-35604
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Apr 07, 2026
Vendor
unknown
Description
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. This vulnerability is fixed in 2.63.1.