Lucene search
K

259 matches found

Nuclei
Nuclei
added yesterday9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS6.1AI score0.34734EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday11 views

RClone RC - Command Injection

Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...

9.8CVSS6.2AI score0.09199EPSS
Exploits2References2
Amazon
Amazon
added 2026/07/07 12:0 a.m.6 views

Important: rclone

Issue Overview: The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. CVE-2026-46601 The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause...

7.5CVSS5.9AI score0.00346EPSS
Exploits0
Fedora
Fedora
added 2026/07/02 1:12 a.m.9 views

[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
Fedora
Fedora
added 2026/07/02 1:11 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
OSV
OSV
added 2026/06/30 11:50 p.m.5 views

BIT-RCLONE-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3494 (ALAS-2026-3494)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3494 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1907)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1907 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD reques...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

FreeBSD : rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation (0f3342e3-73ba-11f1-910d-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0f3342e3-73ba-11f1-910d-3c7c3fba4204 advisory. https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 12:19 p.m.4 views

ROOT-APP-GOBINARY-CVE-2026-49980 CVE-2026-49980 in rootio-github.com/rclone/rclone - Patched by Root

Root has patched CVE-2026-49980 in the rootio-github.com/rclone/rclone package for Root:Go. Multiple fixed versions available...

9.8CVSS5.8AI score0.00701EPSS
Exploits0
OSV
OSV
added 2026/06/29 12:19 p.m.7 views

ROOT-APP-GOBINARY-CVE-2026-41179 CVE-2026-41179 in rootio-github.com/rclone/rclone - Patched by Root

Root has patched CVE-2026-41179 in the rootio-github.com/rclone/rclone package for Root:Go. Multiple fixed versions available...

9.8CVSS5.8AI score0.09199EPSS
Exploits2
OSV
OSV
added 2026/06/29 12:19 p.m.7 views

ROOT-APP-GOBINARY-CVE-2026-41176 CVE-2026-41176 in rootio-github.com/rclone/rclone - Patched by Root

Root has patched CVE-2026-41176 in the rootio-github.com/rclone/rclone package for Root:Go. Multiple fixed versions available...

9.8CVSS5.8AI score0.34734EPSS
Exploits1
Amazon
Amazon
added 2026/06/29 12:0 a.m.6 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.8AI score0.00701EPSS
Exploits0
Amazon
Amazon
added 2026/06/29 12:0 a.m.7 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.9AI score0.00701EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/25 6:38 p.m.6 views

CVE-2026-49980

A flaw was found in Rclone, a command-line program for cloud storage synchronization. When the rcd --rc-serve option is enabled, an unauthenticated remote attacker can send specially crafted GET or HEAD requests to execute arbitrary commands as the Rclone process user. This vulnerability allows f...

9.8CVSS6.5AI score0.00701EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-49980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve...

9.8CVSS6.2AI score0.00701EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:17 p.m.10 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS0.00701EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 7:17 p.m.3 views

UBUNTU-CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS6AI score0.00701EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 5:52 p.m.141 views

CVE-2026-49980

Summary of risks and remediation for CVE-2026-49980 : Rclone 1.46.0 through 1.74.3 is vulnerable to unauthenticated command execution via rcd --rc-serve. An unauthenticated GET/HEAD request to paths like /[remote:path]/object can cause the remote value to be parsed and used during backend initial...

9.8CVSS6AI score0.00701EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/24 5:52 p.m.5 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
Rows per page
Query Builder