cvedb.io
CVE-2021-46398
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-02-04T16:15:07.907 · Last modified 2026-06-17T04:14:51.080

Summary

A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.

Affected products

filebrowser — filebrowser

Does this affect you?

Add your gear to cvedb and we'll alert you only when filebrowser ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.