[GHSA-525j-95gf-766f] FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info

[ByteAfterlife]

Updates

• Change scoring from CVSS v3 to CVSS v4

Comments
As mentioned, the original CVE that this extends CVE-2026-27611 required Low user interaction, however this one was marked as requiring no user interaction, I believe the severity and user interaction required should be the same across both reports

[github]

Hi there @gtsteffaniak! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[shelbyc]

@ByteAfterlife I can see where you're coming from with this PR and also with #7353. @gtsteffaniak Have you had a chance to look at these proposed changes and would you be comfortable with including them in the repo GHSA as well as the CVE record and global GHSA?

[ByteAfterlife]

Hi, I was wondering if we could get this merged. @gtsteffaniak has not responded in almost 2 weeks.