22 matches found
RClone RC - Command Injection
Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...
Important: rclone
Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in versio...
JLSEC-2026-343
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to...
JLSEC-2026-281 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...
BIT-RCLONE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
SUSE CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
Rclone 1.48.x < 1.73.5 Command Injection (CVE-2026-41179)
The version of Rclone installed on the remote host is 1.48.x prior to 1.73.5. It is, therefore, affected by a command injection vulnerability: - The RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. Because rc.GetFs supports inline backend...
CVE-2026-41179
A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...
CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
Rclone 操作系统命令注入漏洞
Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports synchronization with various cloud storages, including Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud...
EUVD-2026-25144
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution...
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...
SUSE CVE-2025-6816
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to...
DEBIAN-CVE-2025-6816
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to...
AZL-64437 CVE-2025-6816 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to...