CVE-2026-55188

RustFS’s ListRemoteTargetHandler in versions 1.0.0-alpha.1 through 1.0.0-beta.8 contains an authorization bypass that only checks for credentials and neglects to verify replication or admin permissions. This allows an authenticated user without bucket/admin rights to list remote replication targe...