Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-55668

MEDIUM NVD
CVSS Score 6.3
Severity MEDIUM
Published Jul 08, 2026
Vendor unknown

Description

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create attacker-controlled files outside the user's scope. This issue is fixed in version 2.63.16.

References