3 matches found
CVE-2026-41176
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function due to insufficient validation of public methods on Command classes. An attacker can invoke more methods than should be allowed by exploiting the lack of robust checks on method permissions. Workarou...