Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2026-29188

File Browser: TUS Delete Endpoint Bypasses Delete Permission Check
Back to all
CVE

CVE-2026-29188

File Browser: TUS Delete Endpoint Bypasses Delete Permission Check

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrators explicitly restrict file deletion for certain users is affected. This issue has been patched in version 2.61.1.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
9.1
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
C
H
U
-

Related Resources

No items found.

References

https://github.com/filebrowser/filebrowser/releases/tag/v2.61.1, https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29188.json, https://github.com/filebrowser/filebrowser/security/advisories/GHSA-79pf-vx4x-7jmm, https://nvd.nist.gov/vuln/detail/CVE-2026-29188, https://github.com/filebrowser/filebrowser/commit/7ed1425115be602c2b23236c410098ea2d74b42f

Severity

9.1

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
9.1
EPSS Probability
0.00027%
EPSS Percentile
0.07927%
Introduced Version
0
Fix Available
c950a57df8a513029edb6954e8845b9fc0134b62

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading