DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-54089: CVE-2026-54089: Authentication Bypass by Spoofing in File Browser

CVE-2026-54089: Authentication Bypass by Spoofing in File Browser

Vulnerability ID: CVE-2026-54089
CVSS Score: 9.1
Published: 2026-07-10

CVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.

TL;DR

Unauthenticated network-adjacent or remote attackers can gain full administrative access to File Browser instances by forging identity headers when the service is exposed without a validating reverse proxy.


Technical Details

  • CWE ID: CWE-290
  • Attack Vector: Network
  • CVSS v3.1: 9.1 (Critical)
  • EPSS Score: 0.00337
  • Exploit Status: None
  • KEV Status: Not listed

Affected Systems

  • File Browser deployments configured with proxy authentication (auth.method=proxy) that are directly exposed to untrusted networks
  • File Browser: >= 2.0.0-rc.1 (Fixed in: None)

Mitigation Strategies

  • Bind File Browser exclusively to localhost (127.0.0.1) or an internal isolated network.
  • Configure the upstream reverse proxy to sanitize, strip, or overwrite incoming client-supplied identity headers.
  • Disable proxy authentication if network-level source verification and header sanitation cannot be enforced.

Remediation Steps:

  1. Verify the configured listen address in File Browser configuration or CLI command line flags (ensure it uses -a 127.0.0.1).
  2. Inspect the upstream proxy (e.g., Nginx, Traefik) and insert rules to clear client-supplied versions of the designated authentication header.
  3. Test vulnerability exposure by making a direct curl query to /api/login from an external network segment with the header set to verify it is blocked.

References


Read the full report for CVE-2026-54089 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)