GO-2026-4964 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3285 (ALAS-2026-3285)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3285 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3264 (ALAS-2026-3264)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3264 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper...
JLSEC-2026-281 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...
DEBIAN-CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
Linux Distros Unpatched Vulnerability : CVE-2026-41179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version...
Linux Distros Unpatched Vulnerability : CVE-2026-41176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without...
Rclone OS Command Injection Vulnerability
Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports synchronization with various cloud storages, including Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud...
Rclone Access Control Error Vulnerability
Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports various cloud storage services such as Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, and Yandex...
EUVD-2021-1401
Malware in sbrugna...
EUVD-2018-4860
Malware in sbrugna...
EUVD-2024-3358
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-28924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with...
Amazon Linux 2 : rclone (ALAS-2025-2905)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2905 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...
Important: rclone
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
SUSE CVE-2024-52522
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target...
PT-2024-35354 · Rclone +2 · Rclone +2
Name of the Vulnerable Software and Affected Versions: rclone versions prior to 1.68.2 Description: The issue is related to insecure handling of symlinks with --links and --metadata in rclone while copying to local disk. This allows unprivileged users to indirectly modify ownership and permission...
Rclone Security Vulnerability
Rclone is a software from the Rclone team that synchronizes data asynchronously from cloud storage. The software supports Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, Yandex Files and other cloud storage. A security vulnerabilit...
Insecure Cryptography
rclone is vulnerable to insecure cryptography. The vulnerability exists due to the use of an insecure random number generator which produces insecure passwords with much less entropy than advertised...