CVE-2026-62685
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Pri
CVSS
8.1
High
EPSS
0.3%
p24
KEV
—
Exploit Today
7
0-100
Published: Jul 15, 2026 · Last modified: Jul 15, 2026 · CWE-647 · CWE-706
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser builds new user scopes from usernames passed through cleanUsername() when Signup=true and CreateUserDir=true, but the many-to-one normalization can collapse usernames such as team/one, team one, and team-one to the same home directory without checking whether the resulting scope is already taken, allowing a second registrant to gain full read and write access to another user's files. This issue is fixed in version 2.63.17.