{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-54091/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-25T17:43:04.664Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-54091","@id":"https://www.cve.org/CVERecord?id=CVE-2026-54091","description":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope. As a result, an attacker who knows a public directory share URL can acc"},"products":[{"@id":"cpe:2.3:a:filebrowser:filebrowser:\\<_2.63.6:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:filebrowser:filebrowser:\\<_2.63.6:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-25T17:43:04.664Z"}]}