Lucene search
+L

283 matches found

Nuclei
Nuclei
added yesterday11 views

RClone RC - Command Injection

Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...

9.8CVSS5.6AI score0.09199EPSS
Exploits2References2
Nuclei
Nuclei
added 2 days ago9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS6.1AI score0.34734EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-59733

A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...

8.8CVSS6AI score0.00552EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-rep...

8.8CVSS6.1AI score0.00552EPSS
Exploits1References3
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00552EPSS
Exploits1References1
NVD
NVD
added 4 days ago10 views

CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS0.00552EPSS
Exploits1References4
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00161EPSS
Exploits1References1
NVD
NVD
added 4 days ago9 views

CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS0.00161EPSS
Exploits1References4
OSV
OSV
added 4 days ago5 views

DEBIAN-CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

8.8CVSS6.1AI score0.00404EPSS
Exploits1References1
NVD
NVD
added 4 days ago9 views

CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

8.8CVSS0.00404EPSS
Exploits1References4
OSV
OSV
added 4 days ago5 views

UBUNTU-CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

8.8CVSS6.1AI score0.00404EPSS
Exploits1References6
CVE
CVE
added 4 days ago13 views

CVE-2026-59733

CVE-2026-59733 affects the rclone tool before version 1.74.4, specifically when using the command set “serve restic --private-repos.” The issue arises because authorization is enforced using the routed user path segment while the backend object key is built from the raw, uncleaned URL path, allow...

8.8CVSS6.1AI score0.00552EPSS
Exploits1References4Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-59733 rclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositories

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00552EPSS
Exploits1References6
CVE
CVE
added 4 days ago15 views

CVE-2026-54572

Rogue symlink handling in rclone before 1.74.4: when using -l/--links, rclone serializes symlinks as .rclonelink and recreates them locally without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause subsequent writes to land outside the destinatio...

8.8CVSS6.1AI score0.00404EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS0.00404EPSS
Exploits1References4
OSV
OSV
added 4 days ago5 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS6.1AI score0.00404EPSS
Exploits1References6
CVE
CVE
added 4 days ago15 views

CVE-2026-59732

The CVE describes a vulnerability in rclone where rclone archive extract could write extracted files outside the user-specified destination prefix when processing crafted archives containing parent path components (e.g., ../). This allowed creating or overwriting sibling objects in the same bucke...

5CVSS6.1AI score0.00161EPSS
Exploits1References4Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-59732 rclone archive extract allows S3 destination prefix escape via crafted archive paths

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00161EPSS
Exploits1References6
OPENSUSE Linux
OPENSUSE Linux
added 6 days ago4 views

rclone-1.74.4-1.1 on GA media (moderate)

rclone-1.74.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:11241-1 Rating: moderate Cross-References: CVE-2026-54572 CVE-2026-59732 CVE-2026-59733 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all security issues...

8.8CVSS6.1AI score0.00552EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.11 views

PT-2026-57242

Name of the Vulnerable Software and Affected Versions rclone versions prior to 1.74.4 Description The archive extract function allows the creation or overwriting of sibling objects within the same bucket or path scope. This occurs when extracting a specially crafted archive containing parent path...

5CVSS6.1AI score0.00161EPSS
Exploits1References10
Rows per page
Query Builder