<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 12 Jul 2026 17:27:28 +0000</lastBuildDate>
    <item>
      <title>12db9681-864e-49f3-9a36-ca4370041974</title>
      <link>https://vulnerability.circl.lu/sighting/12db9681-864e-49f3-9a36-ca4370041974/export</link>
      <description>{"uuid": "12db9681-864e-49f3-9a36-ca4370041974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54089", "type": "seen", "source": "https://gist.github.com/alon710/3054e318d0e890a38da4e9f158827df1", "content": "# CVE-2026-54089: CVE-2026-54089: Authentication Bypass by Spoofing in File Browser\n\n&amp;gt; **CVSS Score:** 9.1\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-54089\n\n## Summary\nCVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.\n\n## TL;DR\nUnauthenticated network-adjacent or remote attackers can gain full administrative access to File Browser instances by forging identity headers when the service is exposed without a validating reverse proxy.\n\n## Technical Details\n\n- **CWE ID**: CWE-290\n- **Attack Vector**: Network\n- **CVSS v3.1**: 9.1 (Critical)\n- **EPSS Score**: 0.00337\n- **Exploit Status**: None\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- File Browser deployments configured with proxy authentication (auth.method=proxy) that are directly exposed to untrusted networks\n- **File Browser**: &amp;gt;= 2.0.0-rc.1 (Fixed in: `None`)\n\n## Mitigation\n\n- Bind File Browser exclusively to localhost (127.0.0.1) or an internal isolated network.\n- Configure the upstream reverse proxy to sanitize, strip, or overwrite incoming client-supplied identity headers.\n- Disable proxy authentication if network-level source verification and header sanitation cannot be enforced.\n\n**Remediation Steps:**\n1. Verify the configured listen address in File Browser configuration or CLI command line flags (ensure it uses -a 127.0.0.1).\n2. Inspect the upstream proxy (e.g., Nginx, Traefik) and insert rules to clear client-supplied versions of the designated authentication header.\n3. Test vulnerability exposure by making a direct curl query to /api/login from an external network segment with the header set to verify it is blocked.\n\n## References\n\n- [GitHub Security Advisory GHSA-xqp3-jq6g-x3qm](https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm)\n- [File Browser Proxy Authentication Code](https://github.com/filebrowser/filebrowser/blob/main/auth/proxy.go)\n- [File Browser Authentication Endpoint Code](https://github.com/filebrowser/filebrowser/blob/main/http/auth.go)\n- [NVD CVE-2026-54089 Details](https://nvd.nist.gov/vuln/detail/CVE-2026-54089)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-54089) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T03:42:32.121308Z"}</description>
      <content:encoded>{"uuid": "12db9681-864e-49f3-9a36-ca4370041974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54089", "type": "seen", "source": "https://gist.github.com/alon710/3054e318d0e890a38da4e9f158827df1", "content": "# CVE-2026-54089: CVE-2026-54089: Authentication Bypass by Spoofing in File Browser\n\n&amp;gt; **CVSS Score:** 9.1\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-54089\n\n## Summary\nCVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.\n\n## TL;DR\nUnauthenticated network-adjacent or remote attackers can gain full administrative access to File Browser instances by forging identity headers when the service is exposed without a validating reverse proxy.\n\n## Technical Details\n\n- **CWE ID**: CWE-290\n- **Attack Vector**: Network\n- **CVSS v3.1**: 9.1 (Critical)\n- **EPSS Score**: 0.00337\n- **Exploit Status**: None\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- File Browser deployments configured with proxy authentication (auth.method=proxy) that are directly exposed to untrusted networks\n- **File Browser**: &amp;gt;= 2.0.0-rc.1 (Fixed in: `None`)\n\n## Mitigation\n\n- Bind File Browser exclusively to localhost (127.0.0.1) or an internal isolated network.\n- Configure the upstream reverse proxy to sanitize, strip, or overwrite incoming client-supplied identity headers.\n- Disable proxy authentication if network-level source verification and header sanitation cannot be enforced.\n\n**Remediation Steps:**\n1. Verify the configured listen address in File Browser configuration or CLI command line flags (ensure it uses -a 127.0.0.1).\n2. Inspect the upstream proxy (e.g., Nginx, Traefik) and insert rules to clear client-supplied versions of the designated authentication header.\n3. Test vulnerability exposure by making a direct curl query to /api/login from an external network segment with the header set to verify it is blocked.\n\n## References\n\n- [GitHub Security Advisory GHSA-xqp3-jq6g-x3qm](https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm)\n- [File Browser Proxy Authentication Code](https://github.com/filebrowser/filebrowser/blob/main/auth/proxy.go)\n- [File Browser Authentication Endpoint Code](https://github.com/filebrowser/filebrowser/blob/main/http/auth.go)\n- [NVD CVE-2026-54089 Details](https://nvd.nist.gov/vuln/detail/CVE-2026-54089)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-54089) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T03:42:32.121308Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/12db9681-864e-49f3-9a36-ca4370041974/export</guid>
      <pubDate>Sat, 11 Jul 2026 03:42:32 +0000</pubDate>
    </item>
    <item>
      <title>62fbf702-8898-4db5-becf-cd6ca79649d8</title>
      <link>https://vulnerability.circl.lu/sighting/62fbf702-8898-4db5-becf-cd6ca79649d8/export</link>
      <description>{"uuid": "62fbf702-8898-4db5-becf-cd6ca79649d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54089", "type": "published-proof-of-concept", "source": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm", "content": "", "creation_timestamp": "2026-07-10T20:35:14.770110Z"}</description>
      <content:encoded>{"uuid": "62fbf702-8898-4db5-becf-cd6ca79649d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54089", "type": "published-proof-of-concept", "source": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm", "content": "", "creation_timestamp": "2026-07-10T20:35:14.770110Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/62fbf702-8898-4db5-becf-cd6ca79649d8/export</guid>
      <pubDate>Fri, 10 Jul 2026 20:35:14 +0000</pubDate>
    </item>
    <item>
      <title>6211496f-b390-48e3-b56d-fe8e541a4e48</title>
      <link>https://vulnerability.circl.lu/sighting/6211496f-b390-48e3-b56d-fe8e541a4e48/export</link>
      <description>{"uuid": "6211496f-b390-48e3-b56d-fe8e541a4e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54089", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqcxoiwmmg2z", "content": "CVE-2026-54089 - filebrowser\nWhen FileBrowser is configured to use proxy authentication, an attacker can impersonate any user, including administrators, by sending a fake HTTP header. This allows the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#filebrowser #Golang #CVE #infosec", "creation_timestamp": "2026-07-10T20:16:04.035535Z"}</description>
      <content:encoded>{"uuid": "6211496f-b390-48e3-b56d-fe8e541a4e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54089", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqcxoiwmmg2z", "content": "CVE-2026-54089 - filebrowser\nWhen FileBrowser is configured to use proxy authentication, an attacker can impersonate any user, including administrators, by sending a fake HTTP header. This allows the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#filebrowser #Golang #CVE #infosec", "creation_timestamp": "2026-07-10T20:16:04.035535Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6211496f-b390-48e3-b56d-fe8e541a4e48/export</guid>
      <pubDate>Fri, 10 Jul 2026 20:16:04 +0000</pubDate>
    </item>
  </channel>
</rss>
