CVE-2026-34529CRITICAL 9.0EPSS p23.7%

CVE-2026-34529CVE-2026-34529

Description

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. This issue has been patched in version 2.62.2.

Scoring

CVSS 3.19.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS0.32% probability of exploitation · percentile 23.7% · 2026-06-19T12:03:05Z
Published2026-04-01
Last modified2026-04-06

Underlying weaknesses· 1

CWE-79

References

  1. https://github.com/filebrowser/filebrowser/releases/tag/v2.62.2
  2. https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5vpr-4fgw-f69h

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cwe-790%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25890
CVE
CVE-2026-35585
CVE
CVE-2026-21628
CVE
CVE-2026-35604
CVE
CVE-2025-52903
CVE
CVE-2026-29188
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.