3 matches found
CVE-2026-49980
Summary of risks and remediation for CVE-2026-49980 : Rclone 1.46.0 through 1.74.3 is vulnerable to unauthenticated command execution via rcd --rc-serve. An unauthenticated GET/HEAD request to paths like /[remote:path]/object can cause the remote value to be parsed and used during backend initial...
CVE-2026-41176
A flaw was found in Rclone, a command-line program designed for synchronizing files with various cloud storage providers. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, options/set, to disable the authorization mechanism for other RC methods. This vulnerability...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...