In-Depth Analysis of CVE-2026-54091: File Browser Incorrect Access Control for Public Directory Shares
CVE-2026-54091 is a critical vulnerability in File Browser's public share feature. It allows an attacker to access files and subdirectories that the share owner explicitly blocked with rules, as long as those blocked paths are located underneath the shared directory. This can lead to unauthenticated information disclosure through public share endpoints.