CVE-2026-34529

HIGH 7.6

File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file

CVSS Score

7.6

EPSS Score

0.0%

EPSS Percentile

9th

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. This issue has been patched in version 2.62.2.

CWE	CWE-79
Vendor	filebrowser
Product	filebrowser
Published	Apr 1, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for filebrowser filebrowser

Be the first to know when new high vulnerabilities affecting filebrowser filebrowser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

filebrowser / filebrowser

< 2.62.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5vpr-4fgw-f69h github.com: https://github.com/filebrowser/filebrowser/releases/tag/v2.62.2