File Browser has a DoS Vulnerability via Public Login API — CVE-2026-54092
GitHub · GitHub · CVE-2026-54092
ID
CVE-2026-54092
CVE-2026-54092
Date
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
high
high
CVSS
8.7
8.7
EPSS
0.00044
0.00044
Summary
### Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the container was destroyed. ### Details When sending JSON in the body of the request to the route `api/login`, if a large…
Product
go: github.com/filebrowser/filebrowser/v2 | go: github.com/filebrowser/filebrowser
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.