Vulnerabilities

CVE-2026-29188 - File Browser: TUS Delete Endpoint Bypasses Delete Permission Check

2026-03-05 0 views admin

CVE ID : CVE-2026-29188 Published : March 5, 2026, 9:16 p.m. | 27 minutes ago Description : File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrators explicitly restrict file deletion for certain users is affected. This issue has been patched in version 2.61.1. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-29188

Severity

CRITICAL

Published

March 5, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-29188critical

CVE-2026-29188 - File Browser: TUS Delete Endpoint Bypasses Delete Permission Check

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-28348 - lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes

CVE-2026-28343 - CKEditor: Cross-site scripting (XSS) in the HTML Support package

CVE-2025-70995 - Aranda Service Desk Web Edition Remote Code Execution Vulnerability

CVE-2025-70949 - Couch-Auth Timing Side-Channel Information Disclosure

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting