{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T02:32:58.644","vulnerabilities":[{"cve":{"id":"CVE-2026-29188","sourceIdentifier":"security-advisories@github.com","published":"2026-03-05T21:16:23.097","lastModified":"2026-03-10T19:42:36.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrators explicitly restrict file deletion for certain users is affected. This issue has been patched in version 2.61.1."},{"lang":"es","value":"File Browser proporciona una interfaz de gestión de archivos dentro de un directorio especificado y puede utilizarse para subir, eliminar, previsualizar, renombrar y editar archivos. Antes de la versión 2.61.1, una vulnerabilidad de control de acceso roto en el endpoint DELETE del protocolo TUS permite a usuarios autenticados con solo permiso de Creación eliminar archivos y directorios arbitrarios dentro de su alcance, eludiendo la restricción de permiso de Eliminación prevista. Cualquier despliegue multiusuario donde los administradores restringen explícitamente la eliminación de archivos para ciertos usuarios se ve afectado. Este problema ha sido parcheado en la versión 2.61.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:filebrowser:filebrowser:*:*:*:*:*:*:*:*","versionEndExcluding":"2.61.1","matchCriteriaId":"C933E37A-6BEC-42C8-88CC-D8FD69116058"}]}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/commit/7ed1425115be602c2b23236c410098ea2d74b42f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/filebrowser/filebrowser/releases/tag/v2.61.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-79pf-vx4x-7jmm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}