A vulnerability was found in filebrowser up to 2.63.16. It has been declared as problematic. Impacted is the function
DeleteWithPathPrefix of the component Paths. Executing a manipulation of the argument path can lead to relative path traversal.
This vulnerability is handled as CVE-2026-61874. The attack can be executed remotely. There is not any exploit available.