GHSA-3jmg-p96m-m328

Source

https://github.com/advisories/GHSA-3jmg-p96m-m328

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-3jmg-p96m-m328/GHSA-3jmg-p96m-m328.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3jmg-p96m-m328

Aliases

CVE-2026-46410

Published

2026-05-19T20:14:12Z

Modified

2026-05-19T20:30:23.647518796Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

FileBrowser Quantum: unauthenticated user share share info

Details

Impact

Some sensitive info -- such as source and path can get exposed.

Patches

Update to the latest version

Workarounds

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed": true,
    "nvd_published_at": null,
    "github_reviewed_at": "2026-05-19T20:14:12Z",
    "severity": "HIGH"
}

References

Affected packages

Go / github.com/gtsteffaniak/filebrowser/backend

Package

Name: github.com/gtsteffaniak/filebrowser/backend; View open source insights on deps.dev
Purl: pkg:golang/github.com/gtsteffaniak/filebrowser/backend

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20260514154726-1802e1281135

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-3jmg-p96m-m328/GHSA-3jmg-p96m-m328.json"

Go / github.com/gtsteffaniak/filebrowser

Package

Name: github.com/gtsteffaniak/filebrowser; View open source insights on deps.dev
Purl: pkg:golang/github.com/gtsteffaniak/filebrowser

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.1-stable.0.20260514154726-1802e1281135

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-3jmg-p96m-m328/GHSA-3jmg-p96m-m328.json"