Threats Tagged 'cve-2026-54088'
View all threats tagged with 'cve-2026-54088'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-54088'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-m93h-4hw7-5qcm: File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)CVE-2026-54088 0 File Browser versions prior to 2.63.6 contain a critical pre-authentication remote code execution vulnerability in the Hook Authentication feature. The vulnerability arises because user-supplied credentials are unsafely interpolated into a shell command without sanitization, allowing an unauthenticated attacker to inject arbitrary OS commands via the login interface. Exploitation requires only a single crafted HTTP request and no valid credentials. Successful exploitation grants the attacker full control over the server process running File Browser, enabling arbitrary command execution with high confidentiality, integrity, and availability impact. Join the discussion | GCVE Database | 07/10/2026, 19:32:32 UTC Added: 07/11/2026, 09:36:51 UTC |
Showing 1 to 1 of 1 result