Filebrowser

FileBrowser Quantum is susceptible to CVE-2026-46410, an unauthenticated information disclosure vulnerability, potentially exposing sensitive information such as source code and file paths.

A path traversal vulnerability exists in FileBrowser's public share DELETE API allowing unauthenticated attackers with valid share hashes and delete permissions to delete arbitrary files outside the shared directory, leading to unauthorized data loss and potential service disruption.