CVE-2026-45042

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

CVE-2026-45042

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

CVE-2026-45042

RustFS is a distributed object storage system in Rust. Prior to 1.0.0-beta.2, the UploadPartCopy operation could copy objects across buckets without enforcing destination bucket policy on the source, because the implementation separately validates GetObject on the source and PutObject on the dest...

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability stemmed from improper authorization in the UploadPartCopy operation, allowing objects to be copied across buckets without enforci...

RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenan...

CVE-2026-39360

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

CVE-2026-39360

RustFS contains an authorization bypass in the multipart copy path (UploadPartCopy) prior to alpha.90. A low-privileged user who cannot read objects from a victim bucket can exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload, breaking ...

CVE-2026-39360

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

PT-2026-30978

Name of the Vulnerable Software and Affected Versions RustFS versions prior to alpha.90 Description RustFS, a distributed object storage system built in Rust, had a missing authorization check in the multipart copy path UploadPartCopy before version alpha.90. This allowed a low-privileged user,...