VYPR
High severity · NVD Advisory · Published Jul 15, 2025 · Updated Jul 15, 2025

FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout

CVE-2025-53826

Description

File Browser provides a file-managing interface within a specified directory, and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser's authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of the time of publication, no known patches exist.


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/filebrowser/filebrowser (Go) | <= 2.39.0 | |
| github.com/filebrowser/filebrowser/v2 (Go) | <= 2.39.0 | |
