<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-11T22:06:44.437582+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/12db9681-864e-49f3-9a36-ca4370041974/export</id>
    <title>12db9681-864e-49f3-9a36-ca4370041974</title>
    <updated>2026-07-11T22:06:44.458751+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "12db9681-864e-49f3-9a36-ca4370041974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54089", "type": "seen", "source": "https://gist.github.com/alon710/3054e318d0e890a38da4e9f158827df1", "content": "# CVE-2026-54089: CVE-2026-54089: Authentication Bypass by Spoofing in File Browser\n\n&amp;gt; **CVSS Score:** 9.1\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-54089\n\n## Summary\nCVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.\n\n## TL;DR\nUnauthenticated network-adjacent or remote attackers can gain full administrative access to File Browser instances by forging identity headers when the service is exposed without a validating reverse proxy.\n\n## Technical Details\n\n- **CWE ID**: CWE-290\n- **Attack Vector**: Network\n- **CVSS v3.1**: 9.1 (Critical)\n- **EPSS Score**: 0.00337\n- **Exploit Status**: None\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- File Browser deployments configured with proxy authentication (auth.method=proxy) that are directly exposed to untrusted networks\n- **File Browser**: &amp;gt;= 2.0.0-rc.1 (Fixed in: `None`)\n\n## Mitigation\n\n- Bind File Browser exclusively to localhost (127.0.0.1) or an internal isolated network.\n- Configure the upstream reverse proxy to sanitize, strip, or overwrite incoming client-supplied identity headers.\n- Disable proxy authentication if network-level source verification and header sanitation cannot be enforced.\n\n**Remediation Steps:**\n1. Verify the configured listen address in File Browser configuration or CLI command line flags (ensure it uses -a 127.0.0.1).\n2. Inspect the upstream proxy (e.g., Nginx, Traefik) and insert rules to clear client-supplied versions of the designated authentication header.\n3. Test vulnerability exposure by making a direct curl query to /api/login from an external network segment with the header set to verify it is blocked.\n\n## References\n\n- [GitHub Security Advisory GHSA-xqp3-jq6g-x3qm](https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm)\n- [File Browser Proxy Authentication Code](https://github.com/filebrowser/filebrowser/blob/main/auth/proxy.go)\n- [File Browser Authentication Endpoint Code](https://github.com/filebrowser/filebrowser/blob/main/http/auth.go)\n- [NVD CVE-2026-54089 Details](https://nvd.nist.gov/vuln/detail/CVE-2026-54089)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-54089) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T03:42:32.121308Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/12db9681-864e-49f3-9a36-ca4370041974/export"/>
    <published>2026-07-11T03:42:32.121308+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/dd75cea4-00eb-49a4-961a-60a3c201e07a/export</id>
    <title>dd75cea4-00eb-49a4-961a-60a3c201e07a</title>
    <updated>2026-07-11T22:06:44.460153+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "dd75cea4-00eb-49a4-961a-60a3c201e07a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54088", "type": "seen", "source": "https://gist.github.com/alon710/df4eb1ffd54e58f3fa15744ed3724d35", "content": "# CVE-2026-54088: CVE-2026-54088: Pre-Authentication Remote Code Execution in File Browser Hook Authentication\n\n&amp;gt; **CVSS Score:** 9.3\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-54088\n\n## Summary\nCVE-2026-54088 is a critical command injection vulnerability in File Browser prior to version 2.63.6. When Hook Authentication is enabled, the application interpolates unsanitized credentials into a shell command, allowing unauthenticated remote code execution.\n\n## TL;DR\nUnauthenticated remote command execution vulnerability in File Browser's Hook Authentication feature via unsanitized username/password inputs.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-78\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 9.3 (Critical)\n- **EPSS Score**: 0.00533 (Percentile: 41.19%)\n- **Impact**: Pre-Authentication Remote Code Execution\n- **Exploit Status**: Public Proof-of-Concept Available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- File Browser (all deployments using Hook Authentication prior to 2.63.6)\n- **filebrowser**: &amp;lt; 2.63.6 (Fixed in: `2.63.6`)\n\n## Mitigation\n\n- Upgrade File Browser to version 2.63.6 or later.\n- Disable Hook Authentication and fall back to local database authentication.\n- Deploy Web Application Firewall (WAF) rules to inspect login payloads.\n\n**Remediation Steps:**\n1. Identify running File Browser instances and check current versions.\n2. Pull and deploy the patched version (v2.63.6 or higher).\n3. If immediate patching is impossible, disable the Hook Auth feature via configuration.\n4. Verify the vulnerability is resolved by testing with safe canary injection attempts.\n\n## References\n\n- [NVD - CVE-2026-54088](https://nvd.nist.gov/vuln/detail/CVE-2026-54088)\n- [CVE - CVE-2026-54088](https://www.cve.org/CVERecord?id=CVE-2026-54088)\n- [File Browser v2.63.5 Vulnerable auth/hook.go Source Code](https://github.com/filebrowser/filebrowser/blob/v2.63.5/auth/hook.go)\n- [Saku0512 Public PoC Repository](https://github.com/Saku0512/CVE-2026-54088-poc)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-54088) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T02:41:50.212610Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/dd75cea4-00eb-49a4-961a-60a3c201e07a/export"/>
    <published>2026-07-11T02:41:50.212610+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/62fbf702-8898-4db5-becf-cd6ca79649d8/export</id>
    <title>62fbf702-8898-4db5-becf-cd6ca79649d8</title>
    <updated>2026-07-11T22:06:44.460300+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "62fbf702-8898-4db5-becf-cd6ca79649d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54089", "type": "published-proof-of-concept", "source": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm", "content": "", "creation_timestamp": "2026-07-10T20:35:14.770110Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/62fbf702-8898-4db5-becf-cd6ca79649d8/export"/>
    <published>2026-07-10T20:35:14.770110+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9774a81b-ef2a-4947-abcc-e5d8a023f7e5/export</id>
    <title>9774a81b-ef2a-4947-abcc-e5d8a023f7e5</title>
    <updated>2026-07-11T22:06:44.461541+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "9774a81b-ef2a-4947-abcc-e5d8a023f7e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54088", "type": "published-proof-of-concept", "source": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-m93h-4hw7-5qcm", "content": "", "creation_timestamp": "2026-07-10T20:35:07.110793Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9774a81b-ef2a-4947-abcc-e5d8a023f7e5/export"/>
    <published>2026-07-10T20:35:07.110793+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c43d7dde-36fa-47e7-918e-9c9d3a9a1a40/export</id>
    <title>c43d7dde-36fa-47e7-918e-9c9d3a9a1a40</title>
    <updated>2026-07-11T22:06:44.461665+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c43d7dde-36fa-47e7-918e-9c9d3a9a1a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54088", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqcxokhktk2v", "content": "CVE-2026-54088 - filebrowser\nThe File Browser's login system has a weakness that allows an attacker to execute commands on the server without needing a login. This is a serious security issue because it\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#filebrowser #Golang #CVE #infosec", "creation_timestamp": "2026-07-10T20:16:06.007040Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c43d7dde-36fa-47e7-918e-9c9d3a9a1a40/export"/>
    <published>2026-07-10T20:16:06.007040+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6211496f-b390-48e3-b56d-fe8e541a4e48/export</id>
    <title>6211496f-b390-48e3-b56d-fe8e541a4e48</title>
    <updated>2026-07-11T22:06:44.461768+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6211496f-b390-48e3-b56d-fe8e541a4e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54089", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqcxoiwmmg2z", "content": "CVE-2026-54089 - filebrowser\nWhen FileBrowser is configured to use proxy authentication, an attacker can impersonate any user, including administrators, by sending a fake HTTP header. This allows the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#filebrowser #Golang #CVE #infosec", "creation_timestamp": "2026-07-10T20:16:04.035535Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6211496f-b390-48e3-b56d-fe8e541a4e48/export"/>
    <published>2026-07-10T20:16:04.035535+00:00</published>
  </entry>
</feed>
