High severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026
FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info
CVE-2026-30933
Description
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/gtsteffaniak/filebrowser/backendGo | < 0.0.0-20260307130210-09713b32a5f6 | 0.0.0-20260307130210-09713b32a5f6 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/gtsteffaniak/filebrowser/backendpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 0.0.0-20260307130210-09713b32a5f6+ 1 more
- (no CPE)range: < 0.0.0-20260307130210-09713b32a5f6
- (no CPE)range: < 0.0.20260317T205859-150000.1.152.1
- Range: >= 1.3.0-beta, < 1.3.1-beta
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-525j-95gf-766fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-30933ghsaADVISORY
- github.com/gtsteffaniak/filebrowser/releases/tag/v1.2.2-stableghsax_refsource_MISCWEB
- github.com/gtsteffaniak/filebrowser/releases/tag/v1.3.1-betaghsax_refsource_MISCWEB
- github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-525j-95gf-766fghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.