CVE-2026-55667

filebrowser · filebrowser

The filebrowser interface, used for managing files, contains a high-severity vulnerability that requires immediate remediation.

Executive summary

Filebrowser is susceptible to a high-severity vulnerability that could allow unauthorized actors to perform file operations on the host system.

Vulnerability

The vulnerability impacts the filebrowser interface, which facilitates file management tasks such as uploading, deleting, and editing. This flaw may allow an attacker to bypass intended access restrictions to read, write, or delete sensitive files on the server.

Business impact

A successful exploit could result in full directory traversal or unauthorized file system manipulation, leading to data loss, leakage of sensitive configuration files, or arbitrary code execution. The CVSS score of 8.2 underscores the high risk to the availability and confidentiality of the data managed by the filebrowser application.

Remediation

Immediate Action: Update the filebrowser application to the most recent version provided by the vendor.

Proactive Monitoring: Review server-side logs for unauthorized file access requests or suspicious upload activity that deviates from standard user behavior.

Compensating Controls: Ensure the filebrowser service is run with the minimum necessary system permissions to limit the scope of potential unauthorized file operations.
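
One way to carry out the log review described under Proactive Monitoring, as an added example that is not part of the advisory or the filebrowser project: it flags requests whose path still contains a `..` segment after repeated percent-decoding, which is a generic traversal heuristic and not a signature for this CVE. It assumes a reverse proxy in front of filebrowser writes combined-format access logs; the sample lines and the `/files/` route are constructed.

```python
import re
from urllib.parse import unquote

# Combined log format: client ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines; the /files/ prefix is a hypothetical route.
SAMPLE_LOG = [
    '192.0.2.10 - alice [12/Mar/2026:10:01:02 +0000] "GET /files/reports/q1.pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2026:10:01:09 +0000] "GET /files/..%2f..%2fetc/passwd HTTP/1.1" 403 153',
    '198.51.100.7 - - [12/Mar/2026:10:01:11 +0000] "PUT /files/%252e%252e/%252e%252e/tmp/x HTTP/1.1" 201 0',
    '192.0.2.10 - alice [12/Mar/2026:10:02:30 +0000] "DELETE /files/reports/old..bak HTTP/1.1" 204 0',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences (%252e) surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_segment(target):
    """True if the decoded path holds a '..' segment or a NUL byte.
    Well-behaved clients normalize dot segments before sending a request."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    return "\x00" in path or ".." in path.split("/")

def scan(lines):
    """Return one finding per suspicious request; 2xx responses rank highest."""
    findings = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format line
        client, method, target, status = match.groups()
        if has_dot_segment(target):
            priority = "high" if status.startswith("2") else "review"
            findings.append({"client": client, "method": method, "target": target,
                             "status": int(status), "priority": priority})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
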

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations utilizing filebrowser for administrative or user file management should apply the vendor-recommended updates immediately. Given the risk of unauthorized file system access, this update should be prioritized to prevent potential data compromise and system-level exploitation.