CVE-2026-55668
MEDIUM
NVD
CVSS Score
6.3
Severity
MEDIUM
Published
Jul 08, 2026
Vendor
unknown
Description
File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create attacker-controlled files outside the user's scope. This issue is fixed in version 2.63.16.