CVE Catalog

CVE-2026-50891

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive administrative functions, potentially leading to serious security breaches.

Recommendation

It is recommended to update Filestash to the latest version to mitigate this vulnerability and review access policies for administrative components.

Original NVD description (English source)

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS