Jul 11, 2026·6 min read·3 visits
Unauthenticated remote command execution vulnerability in File Browser's Hook Authentication feature via unsanitized username/password inputs.
CVE-2026-54088 is a critical command injection vulnerability in File Browser prior to version 2.63.6. When Hook Authentication is enabled, the application interpolates unsanitized credentials into a shell command, allowing unauthenticated remote code execution.
File Browser is an open-source, web-based file manager that enables administrators to manage remote filesystems through a web interface. The application supports user authentication, file access controls, and administrative commands. It exposes an attack surface that includes various authentication strategies, one of which is Hook Authentication.
This Hook Authentication component allows delegation of user credential verification to custom external scripts or executables. During a login attempt, File Browser triggers a subprocess running the configured command to check the credentials. This capability is useful for integrating external directory services or bespoke access databases.
The vulnerability designated as CVE-2026-54088 lies in the implementation of this Hook Authentication workflow. When handling a login request, the application processes user-provided credentials without performing input verification or sanitization. This allows an unauthenticated external attacker to achieve arbitrary command execution on the host operating system.
The vulnerability resides in the Go backend implementation of File Browser, specifically in the file auth/hook.go within the HookAuth.RunCommand function. When Hook Authentication is enabled, administrators configure a template command string. This template uses environment-style placeholders, such as $USERNAME and $PASSWORD, which are later substituted with actual login credentials.
To perform this substitution, the code splits the configured command string by whitespace into an execution slice. It then loops over the command arguments and performs literal variable expansion using Go's standard library os.Expand function. The expansion relies on a custom mapping function that returns the unauthenticated user-supplied credentials directly from the incoming HTTP POST request.
Because os.Expand performs textual replacement without sanitizing shell-specific characters, input fields containing shell metacharacters are written directly into the arguments of the execution slice. If the target command runs within a shell interpreter, the shell parses and executes these injected metacharacters. Consequently, characters such as semicolons, pipes, or command substitutions trigger secondary OS command execution during the pre-authentication phase.
To understand the vulnerable design pattern, compare the legacy implementation in auth/hook.go with the corrected logic introduced in version 2.63.6.
// Vulnerable Implementation (auth/hook.go <= v2.63.5)
func (a *HookAuth) RunCommand() (string, error) {
command := strings.Split(a.Command, " ")
envMapping := func(key string) string {
switch key {
case "USERNAME":
return a.Cred.Username // Unsanitized credential payload
case "PASSWORD":
return a.Cred.Password // Unsanitized credential payload
default:
return os.Getenv(key)
}
}
for i, arg := range command {
if i == 0 {
continue
}
command[i] = os.Expand(arg, envMapping) // Command injection happens here
}
cmd := exec.Command(command[0], command[1:]...)
cmd.Env = append(os.Environ(), fmt.Sprintf("USERNAME=%s", a.Cred.Username))
cmd.Env = append(cmd.Env, fmt.Sprintf("PASSWORD=%s", a.Cred.Password))
// ...
}// Fixed Implementation (auth/hook.go >= v2.63.6)
func (a *HookAuth) RunCommand() (string, error) {
command := strings.Split(a.Command, " ")
cmd := exec.Command(command[0], command[1:]...)
cmd.Env = append(os.Environ(), fmt.Sprintf("USERNAME=%s", a.Cred.Username))
cmd.Env = append(cmd.Env, fmt.Sprintf("PASSWORD=%s", a.Cred.Password))
// ...
}In the patched version, the entire argument interpolation block using os.Expand has been removed. The static arguments of the command slice are passed without modifications. Instead of injecting credentials as part of the command arguments, the backend relies strictly on environment variables (cmd.Env) to pass the username and password details.
This architecture is safe because the Go standard library exec.Command implements low-level operating system process execution (using execve on POSIX systems or CreateProcess on Windows). System calls do not invoke a command-line shell by default unless an interpreter is explicitly specified as the target binary. Passing raw credential data through environment variables ensures that the data is never evaluated as command code, eliminating the parsing step that enabled the injection vector.
An unauthenticated attacker can exploit CVE-2026-54088 by sending a specially crafted HTTP POST request to the /api/login endpoint of a vulnerable File Browser instance. The attack requires no pre-existing valid credentials or active session. The attacker must only ensure that the Hook Authentication feature is configured and active on the target server.
The payload is placed directly within the JSON request body, using either the username or password keys. An attacker injects command separators or backticks containing OS-level commands into these fields. During processing, the backend invokes the Hook script and substitutes the malicious payload string. The shell interprets the metacharacters, executing the injected payloads immediately.
A public proof of concept (PoC) repository (Saku0512/CVE-2026-54088-poc) demonstrates this execution path. It sends a request containing a semicolon separator followed by system utility calls. The following flow diagram illustrates the step-by-step path from remote request to local execution:
The impact of CVE-2026-54088 is rated with critical severity, carrying a CVSS 4.0 base score of 9.3. Successful exploitation yields immediate, unauthenticated remote command execution under the security context of the user running the File Browser service. The attacker achieves full execution capability before any access validation takes place.
The compromised system allows attackers to read and alter all files managed by File Browser. Additionally, they can read configuration files, extract system credentials, and install rootkits or persistent backdoors. Depending on network topology, this system can also serve as a launchpad to pivot into local or private subnets.
While dockerized installations of File Browser restrict initial access to the container filesystem, container escape risks remain if the service runs with elevated privileges. In bare-metal installations, the compromise is direct and can lead to complete host takeover. The threat potential is high for internet-exposed file management services that hold business-critical storage volumes.
Administrators should update File Browser instances to version 2.63.6 or later immediately. This patch removes the vulnerable os.Expand routine and safely encapsulates credential passing through the process environment block. Upgrading resolves the underlying parsing vulnerability without requiring modifications to external verification scripts.
If upgrading is not immediately possible, the Hook Authentication feature should be disabled. Reverting to database-backed authentication removes the vulnerability, as the default database backend does not spawn external shell processes. Transitioning to another external authentication mechanism like LDAP is also a viable mitigation path.
As a temporary layer of defense, organizations can deploy WAF signatures to detect malicious patterns targeting the /api/login endpoint. Specifically, WAF rules should filter incoming requests containing typical command injection characters in the username and password payload fields. These rules act as a stopgap and must not substitute for the vendor-issued patch.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N| Product | Affected Versions | Fixed Version |
|---|---|---|
filebrowser filebrowser | < 2.63.6 | 2.63.6 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-78 |
| Attack Vector | Network (AV:N) |
| CVSS Score | 9.3 (Critical) |
| EPSS Score | 0.00533 (Percentile: 41.19%) |
| Impact | Pre-Authentication Remote Code Execution |
| Exploit Status | Public Proof-of-Concept Available |
| CISA KEV Status | Not Listed |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-54069 is a critical authentication bypass vulnerability in the SiYuan Note personal knowledge management system. The flaw is located in the HTTP server's middleware handling API authorization, which unconditionally trusts requests carrying a 'chrome-extension://' scheme in the Origin HTTP header, granting administrative access without validating API tokens.
CVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.
The malicious Cargo package 'exploration' was uploaded to the crates.io registry. During compilation or package import, the crate executes code designed to establish an outbound TCP/HTTP connection, download an external second-stage binary, and execute the binary locally on the host machine. This creates an unauthenticated remote code execution vector impacting developer environments and continuous integration pipelines.
An authenticated remote code execution vulnerability exists in NotrinosERP (versions up to and including 1.0.0) within the Human Resource Management (HRM) module. Users with employee management permissions can upload arbitrary file types, including PHP scripts, which are written directly to a web-accessible directory. This allows for arbitrary code execution in the context of the web-server user.
A high-severity security bypass vulnerability exists in safeinstall-cli up to version 0.10.1. Due to multiple logical limitations in its shell command parsing mechanism (guard-parser), attackers can craft specific shell commands that completely evade the Agent Guard interceptor hooks. This allows arbitrary unverified installations and code executions on the developer system when executed by AI coding agents.
An arbitrary server-side file read vulnerability exists in the mcp-atlassian integration server. Remote clients utilizing SSE or HTTP transports can exploit the lack of directory containment on attachment-upload tools to resolve and read arbitrary host files, exfiltrating them directly to Atlassian Jira or Confluence.