Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

CVE-2026-41176

CVE-2026-41176 affects the rclone RC interface. The RC endpoint options/set is exposed without AuthRequired, allowing an unauthenticated attacker to mutate global runtime configuration (including rc.NoAuth) and bypass authorization for many RC methods. Versions affected: 1.45.0 up to 1.73.4; fixe...