8 matches found

ATTACKERKB
added 2026/06/26 8:3 p.m., 7 views

CVE-2026-55188

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist...

CVSS 8.2, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/05/28 7:16 p.m., 17 views

CVE-2026-45039

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...

CVSS 9.8, EPSS 0.00268
Exploits: 0, References: 1
Vulnrichment
added 2026/05/28 6:30 p.m., 13 views

CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVSS 6.9, AI score 5.8, EPSS 0.0031
Exploits: 0, References: 1
Vulnrichment
added 2026/02/25 2:10 a.m., 4 views

CVE-2026-27607 RustFS's Missing Post Policy Validation leads to Arbitrary Object Write

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads PostObject, allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enabl...

CVSS 8.1, AI score 5.6, EPSS 0.00265
Exploits: 0, References: 1
OSV
added 2026/02/03 5:31 p.m., 4 views

GHSA-FC6G-2GCP-2QRQ RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

Summary: IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details: Vulnerable code: rustfs/src/auth.rs:289-304 sets...

CVSS 8.7, AI score 5.5, EPSS 0.00211
Exploits: 0, References: 4
ATTACKERKB
added 2026/02/03 4:6 p.m., 6 views

CVE-2026-21862

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...

CVSS 8.7, AI score 5.3, EPSS 0.00211
Exploits: 0, References: 2
CNNVD
added 2026/02/03 12:0 a.m., 10 views

rustfs log information disclosure vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS from alpha.13 to alpha.81 have a vulnerability related to log information leakage. This vulnerability stems from storing sensitive credentials as plain-text records in application logs, which can lead to...

CVSS 7.5, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 2
GithubExploit
added 2026/01/08 4:11 a.m., 203 views

Exploit for CVE-2025-68705

CVE-2025-68705 - RustFS Path Traversal Exploit Description...

CVSS 9.3, AI score 7, EPSS 0.06558
Exploits: 3