NIXPKGS-2026-0621
GitHub issue
published on 11 Mar 2026
by @mweinelt Activity log
- Created automatic suggestion
-
@mweinelt
removed
4 packages
- filebrowser
- python312Packages.filebrowser-safe
- python313Packages.filebrowser-safe
- python314Packages.filebrowser-safe
- @mweinelt accepted
- @mweinelt published on GitHub
FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable.
References
-
https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.3.1-beta x_refsource_MISC
Affected products
filebrowser
- === 1.1.3-stable
- ==>= 1.2.6-beta, < 1.2.2-stable
- ==>= 1.3.0-beta, < 1.3.1-beta
Matching in nixpkgs
pkgs.filebrowser-quantum
Access and manage your files from the web
-
nixos-unstable 1.1.0-stable
- nixpkgs-unstable 1.1.0-stable
- nixos-unstable-small 1.1.0-stable
Ignored packages (4)
pkgs.filebrowser
Filebrowser is a web application for managing files and directories
pkgs.python312Packages.filebrowser-safe
Snapshot of django-filebrowser for the Mezzanine CMS
pkgs.python313Packages.filebrowser-safe
Snapshot of django-filebrowser for the Mezzanine CMS
pkgs.python314Packages.filebrowser-safe
Snapshot of django-filebrowser for the Mezzanine CMS
Package maintainers
-
@JocimSus Joachim Susatiyo <joe.susatiyo@gmail.com>