Browse all 3 CVE security advisories affecting Dropbox. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dropbox provides cloud-based file storage and synchronization services, enabling users to access and share files across devices. Historically, the platform has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and access control issues. While Dropbox maintains robust security measures including encryption and two-factor authentication, past incidents have exposed potential weaknesses in API security and shared folder permissions. The current three CVEs on record highlight ongoing security challenges, though the company has generally addressed issues promptly through regular security updates and bug bounty programs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28809 | XXE in esaml SAML library allows local file read and potential SSRF — esaml, CWE-611 | 9.1 | - | 2026-03-23 |

This page lists every published CVE security advisory associated with Dropbox. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.