Lucene search
K

265 matches found

Wolfi
Wolfi
added 2026/04/24 7:48 p.m.14 views

GHSA-PJCQ-XVWQ-HHPJ vulnerabilities

Vulnerabilities for packages: spqr, nuclei, trufflehog, opentofu, dex, cert-manager-csi-driver, kyverno, gitea, grafana, teleport, cert-manager, ratify, telegraf, cert-manager-cmctl, flux, yunikorn-k8shim, bento, terraform, rancher-agent, flux-source-controller, percona-server-mongodb-operator,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/24 7:48 p.m.11 views

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: spqr, nuclei, trufflehog, opentofu, dex, cert-manager-csi-driver, kyverno, gitea, grafana, teleport, cert-manager, ratify, telegraf, cert-manager-cmctl, flux, yunikorn-k8shim, bento, terraform, rancher-agent, flux-source-controller, percona-server-mongodb-operator,...

7.5CVSS6.1AI score0.01027EPSS
Exploits0
OSV
OSV
added 2026/04/24 8:51 a.m.5 views

BIT-RCLONE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.4AI score0.34734EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/04/24 1:28 a.m.11 views

SUSE CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.8 views

Rclone 1.45.x < 1.73.5 Authentication Bypass (CVE-2026-41176)

The version of Rclone installed on the remote host is 1.45.x prior to 1.73.5. It is, therefore, affected by an authentication bypass vulnerability: - The RC endpoint options/set is exposed without AuthRequired, but it can mutate global runtime configuration, including the RC option block itself. ...

9.8CVSS5.6AI score0.34734EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/24 12:0 a.m.5 views

Security update for rclone (critical)

openSUSE Security Update: Security update for rclone Announcement ID: openSUSE-SU-2026:0151-1 Rating: critical References: 1140423 1232964 1233422 1262438 1262439 Cross-References: CVE-2023-45286 CVE-2023-45288 CVE-2023-48795 CVE-2024-24786 CVE-2024-45337 CVE-2024-45338 CVE-2024-51744...

8.7CVSS6.7AI score0.01557EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.7 views

Rclone 1.48.x < 1.73.5 Command Injection (CVE-2026-41179)

The version of Rclone installed on the remote host is 1.48.x prior to 1.73.5. It is, therefore, affected by a command injection vulnerability: - The RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. Because rc.GetFs supports inline backend...

9.8CVSS5.8AI score0.09199EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/04/23 7:12 p.m.6 views

CVE-2026-41179

A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...

9.8CVSS6.2AI score0.09199EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/04/23 7:12 p.m.7 views

CVE-2026-41176

A flaw was found in Rclone, a command-line program designed for synchronizing files with various cloud storage providers. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, options/set, to disable the authorization mechanism for other RC methods. This vulnerability...

9.8CVSS5.7AI score0.34734EPSS
Exploits1References6
OSV
OSV
added 2026/04/23 4:22 p.m.5 views

OPENSUSE-SU-2026:20620-1 Security update for rclone

This update for rclone fixes the following issues: Changes in rclone: - Update to version 1.73.5: Version v1.73.5 operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179 rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176 rc: add...

10CVSS7.1AI score0.34734EPSS
Exploits9References16
OSV
OSV
added 2026/04/23 12:16 a.m.9 views

DEBIAN-CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2References1
NVD
NVD
added 2026/04/23 12:16 a.m.11 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS0.09199EPSS
Exploits2References10
OSV
OSV
added 2026/04/23 12:16 a.m.4 views

UBUNTU-CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References4
OSV
OSV
added 2026/04/23 12:16 a.m.5 views

UBUNTU-CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/04/23 12:3 a.m.41 views

CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS0.09199EPSS
Exploits2References7
Snyk
Snyk
added 2026/04/23 12:3 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS5.9AI score0.09199EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2026/04/23 12:3 a.m.40 views

CVE-2026-41179

CVE-2026-41179 affects rclone before 1.73.5 where the RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. This allows an unauthenticated attacker to instantiate an attacker-controlled backend via rc.GetFs(...) and trigger WebDAV bearer_token_com...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References10Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
Debian CVE
Debian CVE
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
Rows per page
Query Builder