Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Filebrowser
Filebrowser filebrowser |
|
| Vendors & Products |
Filebrowser
Filebrowser filebrowser |
|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create attacker-controlled files outside the user's scope. This issue is fixed in version 2.63.16. | |
| Title | File Browser: ScopedFs follows a dangling symlink on write, letting a scoped user create files outside their scope | |
| Weaknesses | CWE-22 CWE-59 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T16:11:52.007Z
Reserved: 2026-06-17T00:05:03.777Z
Link: CVE-2026-55668
Updated: 2026-07-08T16:11:48.231Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T17:15:02Z