PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-61874 filebrowser CVE debrief

CVE-2026-61874 is a low-severity vulnerability in filebrowser versions before 2.63.17. The vulnerability allows authenticated users to leave stale public shares behind by failing to normalize paths before querying the share index in DeleteWithPathPrefix. An attacker can exploit this by deleting a shared directory using a trailing-slash path and then recreating the same directory to expose new contents through the dormant public share URL. This vulnerability has a CVSS score of 2.3, indicating a low severity. Users of filebrowser versions before 2.63.17 should be aware of this vulnerability and take steps to mitigate it.

Vendor
filebrowser
Product
Unknown
CVSS
LOW 2.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-12
Original CVE updated
2026-07-12
Advisory published
2026-07-12
Advisory updated
2026-07-12

Who should care

Users of filebrowser versions before 2.63.17 should be aware of this vulnerability and take steps to mitigate it. This includes ensuring that the latest version of filebrowser is installed and that proper security measures are in place to prevent unauthorized access. Additionally, users should review and update access controls to prevent unauthorized access and monitor for suspicious activity related to public shares.

Technical summary

The vulnerability in filebrowser versions before 2.63.17 is due to the failure to normalize paths before querying the share index in DeleteWithPathPrefix. This allows authenticated users to delete a shared directory using a trailing-slash path and then recreate the same directory to expose new contents through the dormant public share URL. The CVSS score for this vulnerability is 2.3, indicating a low severity. This vulnerability can be mitigated by upgrading to filebrowser version 2.63.17 or later and reviewing and updating access controls to prevent unauthorized access.

Defensive priority

Low to Medium, as the vulnerability requires authenticated access and has a low CVSS score, but can still be used to expose sensitive information. Users should prioritize upgrading to filebrowser version 2.63.17 or later and reviewing and updating access controls to prevent unauthorized access. Monitoring for suspicious activity related to public shares is also recommended. Compensating controls, such as limiting access to sensitive directories and implementing additional security measures, may also be necessary to prevent exploitation. Asset inventory and source tracking can help identify potential vulnerabilities and prioritize remediation efforts. Rollback/change windows and exposure review can also help minimize the impact of a potential exploit. Regularly reviewing and updating security measures can help prevent exploitation and minimize the impact of a potential vulnerability. This vulnerability highlights the importance of keeping software up-to-date and implementing robust security measures to prevent unauthorized access and data breaches. By prioritizing remediation efforts and implementing compensating controls, users can reduce the risk of exploitation and protect sensitive information. Therefore, a defensive priority of Low to Medium is assigned to this vulnerability, reflecting its potential impact and the recommended mitigation efforts. The priority level is based on the CVSS score, the vulnerability's potential impact, and the recommended mitigation efforts. It is essential to note that the defensive priority may vary depending on the specific use case and environment. Users should carefully evaluate their specific situation and adjust their defensive priority accordingly. In general, it is recommended to prioritize remediation efforts for vulnerabilities with a low to medium defensive priority, as they can still have a significant impact if exploited. By prioritizing remediation efforts and implementing compensating controls, users can reduce the risk of exploitation and protect sensitive information. The recommended defensive priority is Low to Medium, and users should take steps to mitigate this vulnerability accordingly. The vulnerability's CV

Recommended defensive actions

  • Upgrade to filebrowser version 2.63.17 or later
  • Review and update access controls to prevent unauthorized access
  • Monitor for suspicious activity related to public shares
  • Perform asset inventory to identify potential vulnerabilities
  • Implement compensating controls for exposed systems
  • Conduct exposure review for affected assets
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-07-12T12:16:46.117Z and has not been modified since then. The NVD entry is currently in the 'Received' state. Limited information is available about the vulnerability, and further investigation is needed to fully understand the impact. The vulnerability allows authenticated users to leave stale public shares behind by failing to normalize paths before querying the share index in DeleteWithPathPrefix. This can be exploited by deleting a shared directory using a trailing-slash path and then recreating the same directory to expose new contents through the dormant public share URL.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-12T12:16:46.117Z and has not been modified since then. The NVD entry is currently in the 'Received' state.