CVE-2026-44542 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: May 14, 2026
FileBrowser Quantum - Path Traversal
Overview
FileBrowser Quantum < 1.3.1-stable and < 1.3.9-beta contains a path traversal caused by improper sanitization of attacker-controlled path input joined with a trusted base path, letting unauthenticated attackers with valid public share hash and delete permissions delete arbitrary files outside the shared directory.
Severity & Score
Impact
Unauthenticated attackers with valid public share hash and delete permissions can delete arbitrary files outside the shared directory, causing data loss.
Mitigation
Upgrade to version 1.3.1-stable or 1.3.9-beta.
Social Media Activity(2 posts)
🚨 CRITICAL: CVE-2026-44542 in gtsteffaniak FileBrowser Quantum (<1.3.1-stable, <1.3.9-beta) allows unauthenticated file deletion via path traversal. Upgrade to fixed versions ASAP for protection! https://radar.offseq.com/threat/cve-2026-44542-cwe-22-improper-limitation-of-a-pat-f7d1f33b #OffSeq #vulnerability #FileBrowser #cybersecurity
View original post
🚨 CRITICAL: CVE-2026-44542 in gtsteffaniak FileBrowser Quantum (<1.3.1-stable, <1.3.9-beta) allows unauthenticated file deletion via path traversal. Upgrade to fixed versions ASAP for protection! https://radar.offseq.com/threat/cve-2026-44542-cwe-22-improper-limitation-of-a-pat-f7d1f33b #OffSeq #vulnerability #FileBrowser #cybersecurity
View original postRelated Resources
Details
- CVE ID
- CVE-2026-44542
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- path_traversal
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H