CRITICAL | CVE-2026-32760 | CVSS 9.5

CVE-2026-32760: Admin Account Creation in Filebrowser v2

Platform: go

Component: github.com/filebrowser/filebrowser/v2

Fixed in: 2.62.0

CVE-2026-32760 is a critical vulnerability affecting Filebrowser v2, allowing unauthenticated users to register as full administrators. This occurs when self-registration is enabled (signup = true) and the default user permissions grant administrative privileges. The vulnerability impacts versions prior to 2.62.0 and can be resolved by upgrading to the patched version.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-32760 grants an attacker complete administrative control over the Filebrowser instance. This includes the ability to access, modify, delete, and download all files stored within the system. An attacker could also create new users with elevated privileges, potentially establishing persistent access. The blast radius extends to any data stored and managed by Filebrowser, making this a high-impact vulnerability. The ease of exploitation, requiring only a web browser and enabled self-registration, significantly increases the risk of widespread compromise.

Exploitation Context

CVE-2026-32760 is currently not listed on KEV or EPSS, indicating a low to medium probability of active exploitation. Public proof-of-concept (POC) code is likely to emerge given the vulnerability's simplicity. The vulnerability was published on 2026-03-16, and it is recommended to monitor security advisories and threat intelligence feeds for any signs of exploitation. This vulnerability shares similarities with other privilege escalation flaws where default configurations inadvertently grant excessive permissions.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: NO
Reports: 1 threat report

EPSS

0.02% (4th percentile)

CISA SSVC

Exploitation: poc
Automatable: yes
Technical Impact: total

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-32760 is to upgrade Filebrowser to version 2.62.0 or later, which includes the fix. If immediate upgrading is not possible, disable self-registration (set signup = false in the Filebrowser configuration). As a temporary workaround, review and restrict default user permissions to prevent the automatic granting of administrative privileges during registration. Monitor Filebrowser logs for suspicious user registration attempts, particularly those with unusual usernames. After upgrading, confirm the fix by attempting to register a new user with self-registration enabled and verifying that the new user does not receive administrative privileges.
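The affected condition described above (a v2 release before 2.62.0 with signup enabled and admin in the default permissions) can be checked per instance. The Go sketch below is an added example, not code from this page or from the Filebrowser project. The JSON field layout, the `Assess` name and the verdict strings are assumptions; adapt them to how your instance's settings are actually exported.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// exportDoc reads only the fields this check needs. The JSON layout
// (settings.signup, settings.defaults.perm.admin) is an assumption.
type exportDoc struct {
	Settings struct {
		Signup   bool `json:"signup"`
		Defaults struct {
			Perm struct{ Admin bool `json:"admin"` } `json:"perm"`
		} `json:"defaults"`
	} `json:"settings"`
}

// Assess returns "exposed", "upgrade", "review-defaults" or "ok" for one
// instance, given its version ("2.61.3" or "v2.61.3") and exported settings.
func Assess(version string, exported []byte) (string, error) {
	var d exportDoc
	var major, minor, patch int
	if err := json.Unmarshal(exported, &d); err != nil {
		return "", err
	}
	if _, err := fmt.Sscanf(strings.TrimPrefix(version, "v"), "%d.%d.%d", &major, &minor, &patch); err != nil {
		return "", fmt.Errorf("unexpected version %q", version)
	}
	old := major == 2 && minor < 62 // v2 releases before the fixed 2.62.0
	risky := d.Settings.Signup && d.Settings.Defaults.Perm.Admin
	switch {
	case old && risky:
		return "exposed", nil // unpatched, and both configuration conditions hold
	case old:
		return "upgrade", nil // unpatched, configuration currently not risky
	case risky:
		return "review-defaults", nil // patched, but defaults still grant admin
	}
	return "ok", nil
}

func main() {
	// Constructed sample settings export, not taken from a real instance.
	sample := []byte(`{"settings":{"signup":true,"defaults":{"perm":{"admin":true}}}}`)
	verdict, err := Assess("2.61.0", sample)
	fmt.Println(verdict, err)
}
```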

How to fix

Upgrade File Browser to version 2.62.0 or later. This version fixes the vulnerability that allows unauthenticated users to register as administrators if self-registration is enabled and the default permissions include administrator privileges. Disable self-registration if it is not needed.

Frequently asked questions

What is CVE-2026-32760 — Admin Account Creation in Filebrowser v2?

CVE-2026-32760 is a critical vulnerability in Filebrowser v2 that allows unauthenticated users to register as administrators if self-registration is enabled and default permissions grant admin rights. This grants full control over the system.

Am I affected by CVE-2026-32760 in Filebrowser v2?

You are affected if you are running Filebrowser v2 prior to 2.62.0 and have self-registration enabled (signup = true) with default user permissions granting administrative privileges.

How do I fix CVE-2026-32760 in Filebrowser v2?

Upgrade Filebrowser to version 2.62.0 or later. As a temporary workaround, disable self-registration (signup = false) or restrict default user permissions.

Is CVE-2026-32760 being actively exploited?

While not currently listed on KEV or EPSS, the vulnerability's simplicity suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds.

Where can I find the official Filebrowser advisory for CVE-2026-32760?

Refer to the Filebrowser security advisory on their GitHub repository: [https://github.com/filebrowser/filebrowser/security/advisories/GHSA-7w4r-375r-6x4r](https://github.com/filebrowser/filebrowser/security/advisories/GHSA-7w4r-375r-6x4r)
