259 matches found
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Rclone vulnerabilities (USN-8299-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8299-1 advisory. It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could...
Amazon Linux 2023 : rclone (ALAS2023-2026-1717)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1717 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3309 (ALAS-2026-3309)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3309 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag...
Important: rclone
Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...
Important: rclone
Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
USN-8299-1 rclone vulnerabilities
It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...
USN-8299-1: Rclone vulnerabilities
It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...
rclone-1.74.2-1.1 on GA media (moderate)
rclone-1.74.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10856-1 Rating: moderate Cross-References: CVE-2026-25680 CVE-2026-25681 CVE-2026-27136 CVE-2026-33809 CVE-2026-39821 CVE-2026-39824 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832...
OPENSUSE-SU-2026:10856-1 rclone-1.74.2-1.1 on GA media
These are all security issues fixed in the rclone-1.74.2-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-43022
Name of the Vulnerable Software and Affected Versions rclone versions prior to 1.74.2-1.1 Description Decoding a paletted BMP file with an out-of-range palette index causes a panic when accessing pixels in the invalid image. Recommendations Update to version 1.74.2-1.1...
CLEANSTART-2026-UY49411 Security fixes for CVE-2025-68121, CVE-2026-1229, CVE-2026-29181, CVE-2026-32952, CVE-2026-33811, CVE-2026-33812, CVE-2026-33813, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-44740, CVE-2026-44973, ghsa-m3xc-h892-ggx6, ghsa-mh2q-q3fh-2475, ghsa-mqgf-5vvp-8fh8, ghsa-pjcq-xvwq-hhpj, ghsa-qw64-3x98-g7q2 applied in versions: 1.72.1-r1, 1.73.1-r0, 1.73.5-r0, 1.73.5.r1
Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details...
GO-2026-4964 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
PT-2026-42368
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
Amazon Linux 2023 : rclone (ALAS2023-2026-1658)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1658 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can muta...
MGASA-2026-0147 Updated rclone packages fix security vulnerabilities
This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...
Updated rclone packages fix security vulnerabilities
This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...
CLEANSTART-2026-YP16651 Security fixes for CVE-2025-22868, CVE-2025-22869, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-68121, CVE-2026-1229, CVE-2026-29181, CVE-2026-32280, CVE-2026-32952, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475, ghsa-mqgf-5vvp-8fh8, ghsa-pjcq-xvwq-hhpj, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.69.0-r0, 1.69.0-r1, 1.69.0-r2, 1.72.1-r1, 1.73.1-r0
Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RZ44006 Security fixes for CVE-2025-68121, CVE-2026-1229, CVE-2026-29181, CVE-2026-32952, CVE-2026-33811, CVE-2026-33812, CVE-2026-33813, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475, ghsa-mqgf-5vvp-8fh8, ghsa-pjcq-xvwq-hhpj applied in versions: 1.72.1-r1, 1.73.1-r0, 1.73.5-r0
Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details...
Important: rclone
Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in versio...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3285 (ALAS-2026-3285)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3285 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC...