259 matches found
CVE-2026-41176
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...
CVE-2026-41176
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...
CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...
CVE-2026-41176
CVE-2026-41176 affects the rclone RC interface. The RC endpoint options/set is exposed without AuthRequired, allowing an unauthenticated attacker to mutate global runtime configuration (including rc.NoAuth) and bypass authorization for many RC methods. Versions affected: 1.45.0 up to 1.73.4; fixe...
EUVD-2026-25144
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution...
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...
GHSA-25QR-6MPR-F7QX Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Summary The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set rc.NoAuth=true, which disables the authorization gate for many RC methods registered with...
EUVD-2026-25142
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution...
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Summary The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set rc.NoAuth=true, which disables the authorization gate for many RC methods registered with...
Rclone 访问控制错误漏洞
Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports various cloud storage services such as Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, and Yandex...
OPENSUSE-SU-2026:10584-1 rclone-1.73.5-1.1 on GA media
These are all security issues fixed in the rclone-1.73.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-33832
Name of the Vulnerable Software and Affected Versions Rclone versions 1.45.0 through 1.73.4 Description An authorization bypass exists in the Remote Control RC interface of Rclone. The RC endpoint "options/set" is exposed without requiring authentication, allowing an unauthenticated attacker to...
PT-2026-33833
Name of the Vulnerable Software and Affected Versions Rclone versions 1.48.0 through 1.73.4 Description The RC endpoint "operations/fsinfo" is exposed without authentication and accepts attacker-controlled fs input. Since the rc.GetFs function supports inline backend definitions, an unauthenticat...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: gitleaks, sftpgo, terraform, hubble-ui, external-dns, infinispan-operator, mongo-tools, crossplane-provider-azure-sql, syft, docker-credential-ecr-login, configmap-reload, slsa-verifier, nats, grafana-mimir, argo-cd, falco-exporter, aws-load-balancer-controller, kbld...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: gitleaks, sftpgo, terraform, hubble-ui, external-dns, infinispan-operator, mongo-tools, crossplane-provider-azure-sql, syft, docker-credential-ecr-login, configmap-reload, slsa-verifier, nats, grafana-mimir, argo-cd, falco-exporter, aws-load-balancer-controller, kbld...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver, cadvisor, sftpgo, terraform, hubble-ui, amazon-cloudwatch-agent-operator, cilium-envoy, external-dns, aws-flb-kinesis, kubernetes-dashboard-auth, crossplane-provider-azure-sql, cluster-autoscaler, vault-secrets-webhook, yunikorn-k8shim, syft...
GHSA-XMRV-PMRH-HHX2 vulnerabilities
Vulnerabilities for packages: flux-kustomize-controller, crossplane-provider-aws-eks-fips, crossplane-provider-aws-ec2-fips, crossplane-provider-aws-elbv2-fips, opencost-fips, tflint-fips, tflint, sops, vault-env, crossplane-provider-aws-ecr-fips, docker-fips, nemo, terraform-provider-acme,...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: redpanda, witness, nfpm, grafana-beyla, influxd, tempo-fips, maru, rclone-fips, grafana, elastic-agent, grafana-alloy, eksctl, malcontent, opentelemetry-collector, ollama-fips, terraform-mcp-server, terragrunt-fips, prometheus, terragrunt, dgraph, teleport,...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: lazygit, tempo, ollama, opentelemetry-collector, k3s, dagger, teleport, minio, grafana-alloy, nuclei, k8sgpt, kubevela, terraform-mcp-server, vcluster, terragrunt, loki, eksctl, nfpm, malcontent, goreleaser, prometheus, redpanda, cri-tools, rclone, weaviate,...
rclone-1.73.3-1.1 on GA media (moderate)
rclone-1.73.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10419-1 Rating: moderate Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-33186 SUSE : 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N...