Lucene search
+L

279 matches found

nuclei
nuclei
added yesterday9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS6.1AI score0.34734EPSS
Exploits1References2
nuclei
nuclei
added yesterday11 views

RClone RC - Command Injection

Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...

9.8CVSS6.2AI score0.09199EPSS
Exploits2References2
redhatcve
redhatcve
added 2 days ago6 views

CVE-2026-59733

A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...

8.8CVSS6AI score0.00523EPSS
Exploits1References7
nessus
nessus
added 2 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-rep...

8.8CVSS6.1AI score0.00523EPSS
Exploits1References3
osv
osv
added 3 days ago4 views

DEBIAN-CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00523EPSS
Exploits1References1
nvd
nvd
added 3 days ago10 views

CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS0.00523EPSS
Exploits1References4
osv
osv
added 3 days ago4 views

DEBIAN-CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00144EPSS
Exploits1References1
nvd
nvd
added 3 days ago9 views

CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS0.00144EPSS
Exploits1References4
osv
osv
added 3 days ago4 views

DEBIAN-CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS6.1AI score0.00343EPSS
Exploits1References1
nvd
nvd
added 3 days ago9 views

CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS0.00343EPSS
Exploits1References4
cve
cve
added 3 days ago12 views

CVE-2026-59733

CVE-2026-59733 affects the rclone tool before version 1.74.4, specifically when using the command set “serve restic --private-repos.” The issue arises because authorization is enforced using the routed user path segment while the backend object key is built from the raw, uncleaned URL path, allow...

8.8CVSS6.1AI score0.00523EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 3 days ago33 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS0.00343EPSS
Exploits1References4
cve
cve
added 3 days ago14 views

CVE-2026-54572

Rogue symlink handling in rclone before 1.74.4: when using -l/--links, rclone serializes symlinks as .rclonelink and recreates them locally without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause subsequent writes to land outside the destinatio...

8.8CVSS6.1AI score0.00343EPSS
Exploits1References4Affected Software1
cve
cve
added 3 days ago14 views

CVE-2026-59732

The CVE describes a vulnerability in rclone where rclone archive extract could write extracted files outside the user-specified destination prefix when processing crafted archives containing parent path components (e.g., ../). This allowed creating or overwriting sibling objects in the same bucke...

5CVSS6.1AI score0.00144EPSS
Exploits1References4Affected Software1
opensuse
opensuse
added 5 days ago3 views

rclone-1.74.4-1.1 on GA media (moderate)

rclone-1.74.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:11241-1 Rating: moderate Cross-References: CVE-2026-54572 CVE-2026-59732 CVE-2026-59733 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all security issues...

8.8CVSS6.1AI score0.00523EPSS
Exploits3
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.7 views

PT-2026-57234

Name of the Vulnerable Software and Affected Versions rclone versions prior to 1.74.4 Description When using the -l/--links flag, the software serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target. This allows an attacker-controlle...

7.5CVSS6.1AI score0.00343EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.11 views

PT-2026-57243

Name of the Vulnerable Software and Affected Versions rclone versions prior to 1.74.4 Description When using the serve restic --private-repos command, the software enforces authorization based on the routed user path segment but constructs the backend object key using the raw, uncleaned URL path...

8.8CVSS6.1AI score0.00523EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.10 views

PT-2026-57242

Name of the Vulnerable Software and Affected Versions rclone versions prior to 1.74.4 Description The archive extract function allows the creation or overwriting of sibling objects within the same bucket or path scope. This occurs when extracting a specially crafted archive containing parent path...

5CVSS6.1AI score0.00144EPSS
Exploits1References10
osv
osv
added 2026/07/09 12:0 a.m.1 views

OPENSUSE-SU-2026:11241-1 rclone-1.74.4-1.1 on GA media

These are all security issues fixed in the rclone-1.74.4-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS6.1AI score0.00523EPSS
Exploits3References3
amazon
amazon
added 2026/07/07 12:0 a.m.6 views

Important: rclone

Issue Overview: The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. CVE-2026-46601 The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause...

7.5CVSS5.9AI score0.00346EPSS
Exploits0
Rows per page
Query Builder