265 matches found
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: spqr, nuclei, trufflehog, opentofu, dex, cert-manager-csi-driver, kyverno, gitea, grafana, teleport, cert-manager, ratify, telegraf, cert-manager-cmctl, flux, yunikorn-k8shim, bento, terraform, rancher-agent, flux-source-controller, percona-server-mongodb-operator,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: spqr, nuclei, trufflehog, opentofu, dex, cert-manager-csi-driver, kyverno, gitea, grafana, teleport, cert-manager, ratify, telegraf, cert-manager-cmctl, flux, yunikorn-k8shim, bento, terraform, rancher-agent, flux-source-controller, percona-server-mongodb-operator,...
BIT-RCLONE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...
SUSE CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
Rclone 1.45.x < 1.73.5 Authentication Bypass (CVE-2026-41176)
The version of Rclone installed on the remote host is 1.45.x prior to 1.73.5. It is, therefore, affected by an authentication bypass vulnerability: - The RC endpoint options/set is exposed without AuthRequired, but it can mutate global runtime configuration, including the RC option block itself. ...
Security update for rclone (critical)
openSUSE Security Update: Security update for rclone Announcement ID: openSUSE-SU-2026:0151-1 Rating: critical References: 1140423 1232964 1233422 1262438 1262439 Cross-References: CVE-2023-45286 CVE-2023-45288 CVE-2023-48795 CVE-2024-24786 CVE-2024-45337 CVE-2024-45338 CVE-2024-51744...
Rclone 1.48.x < 1.73.5 Command Injection (CVE-2026-41179)
The version of Rclone installed on the remote host is 1.48.x prior to 1.73.5. It is, therefore, affected by a command injection vulnerability: - The RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. Because rc.GetFs supports inline backend...
CVE-2026-41179
A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...
CVE-2026-41176
A flaw was found in Rclone, a command-line program designed for synchronizing files with various cloud storage providers. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, options/set, to disable the authorization mechanism for other RC methods. This vulnerability...
OPENSUSE-SU-2026:20620-1 Security update for rclone
This update for rclone fixes the following issues: Changes in rclone: - Update to version 1.73.5: Version v1.73.5 operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179 rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176 rc: add...
DEBIAN-CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
UBUNTU-CVE-2026-41176
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...
UBUNTU-CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-41179
CVE-2026-41179 affects rclone before 1.73.5 where the RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. This allows an unauthenticated attacker to instantiate an attacker-controlled backend via rc.GetFs(...) and trigger WebDAV bearer_token_com...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...