CVE-2026-29188 - Vulnerability Analysis

Overview

File Browser < 2.61.1 contains a broken access control vulnerability caused by improper permission checks in the TUS protocol DELETE endpoint, letting authenticated users with Create permission delete arbitrary files, exploit requires user authentication.

Severity & Score

Impact

Authenticated users with limited permissions can delete arbitrary files, potentially causing data loss or disruption.

Mitigation

Upgrade to version 2.61.1 or later.

References

• https://github.com/filebrowser/filebrowser/security/advisories/GHSA-79pf-vx4x-7jmm
• https://github.com/filebrowser/filebrowser/commit/7ed1425115be602c2b23236c410098ea2d74b42f
• https://github.com/filebrowser/filebrowser/releases/tag/v2.61.1

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 6, 2026

🔴 CVE-2026-29188 - Critical (9.1) File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint a... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29188/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner