Go modules package
github.com/gtsteffaniak/filebrowser
pkg:golang/github.com/gtsteffaniak/filebrowser
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44542 | Cri | 9.1 | < 0.0.0-20260501183844-112740bdd41d | 0.0.0-20260501183844-112740bdd41d | May 14, 2026 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As | |
| CVE-2026-30934 | — | < 0.0.0-20260307130210-09713b32a5f6 | 0.0.0-20260307130210-09713b32a5f6 | Mar 10, 2026 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server us |
- affected < 0.0.0-20260501183844-112740bdd41dfixed 0.0.0-20260501183844-112740bdd41d
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As
- CVE-2026-30934Mar 10, 2026affected < 0.0.0-20260307130210-09713b32a5f6fixed 0.0.0-20260307130210-09713b32a5f6
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server us