4.3
CVSS V3
Status
Impact
No fix is currently available upstream. The vulnerability is being tracked at: https://github.com/filebrowser/filebrowser/issues/5239. It allows password-protected file shares to expose direct download links without enforcing access controls. Users should evaluate the risk of sensitive file exposure and consider disabling password-protected sharing until a patch is released. Once this is done, we will update the package and remediate the CVE.
Status
Status
Fixed version
2.36.0-r0Status