Vulnerability Report: GO-2026-5776
- GHSA-r4v7-6wcg-ghj5
- Affects: github.com/gtsteffaniak/filebrowser
- Published: Jun 25, 2026
FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks in github.com/gtsteffaniak/filebrowser. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/gtsteffaniak/filebrowser before v0.0.0-20260522161427-fa5abc8c67f3a.
For detailed information about this vulnerability, visit https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-r4v7-6wcg-ghj5.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-r4v7-6wcg-ghj5
- https://github.com/gtsteffaniak/filebrowser/commit/fa5abc8c67f3a66ce76e358a3c57981750c76a23
- https://github.com/gtsteffaniak/filebrowser/pull/2485
- https://vuln.go.dev/ID/GO-2026-5776.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.