Lucene search
K

259 matches found

Debian CVE
Debian CVE
added 2026/04/22 11:57 p.m.6 views

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.3AI score0.34734EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/04/22 11:57 p.m.6 views

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.2CVSS5.8AI score0.34734EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/22 11:57 p.m.258 views

CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.2CVSS0.34734EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 11:57 p.m.72 views

CVE-2026-41176

CVE-2026-41176 affects the rclone RC interface. The RC endpoint options/set is exposed without AuthRequired, allowing an unauthenticated attacker to mutate global runtime configuration (including rc.NoAuth) and bypass authorization for many RC methods. Versions affected: 1.45.0 up to 1.73.4; fixe...

9.8CVSS5.8AI score0.34734EPSS
In wildExploits1References6Affected Software1
EUVD
EUVD
added 2026/04/22 2:45 p.m.8 views

EUVD-2026-25144

RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution...

9.2CVSS5.9AI score0.09199EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/04/22 2:45 p.m.10 views

RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...

9.8CVSS6.1AI score0.09199EPSS
Exploits2References9Affected Software1
OSV
OSV
added 2026/04/22 2:44 p.m.6 views

GHSA-25QR-6MPR-F7QX Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Summary The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set rc.NoAuth=true, which disables the authorization gate for many RC methods registered with...

9.8CVSS6.2AI score0.34734EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/22 2:44 p.m.6 views

EUVD-2026-25142

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution...

9.2CVSS5.9AI score0.34734EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 2:44 p.m.9 views

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Summary The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set rc.NoAuth=true, which disables the authorization gate for many RC methods registered with...

9.8CVSS6.2AI score0.34734EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Rclone 访问控制错误漏洞

Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports various cloud storage services such as Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, and Yandex...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References2
OSV
OSV
added 2026/04/20 12:0 a.m.4 views

OPENSUSE-SU-2026:10584-1 rclone-1.73.5-1.1 on GA media

These are all security issues fixed in the rclone-1.73.5-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS5.8AI score0.34734EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33832

Name of the Vulnerable Software and Affected Versions Rclone versions 1.45.0 through 1.73.4 Description An authorization bypass exists in the Remote Control RC interface of Rclone. The RC endpoint "options/set" is exposed without requiring authentication, allowing an unauthenticated attacker to...

9.8CVSS6AI score0.34734EPSS
Exploits1References34
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33833

Name of the Vulnerable Software and Affected Versions Rclone versions 1.48.0 through 1.73.4 Description The RC endpoint "operations/fsinfo" is exposed without authentication and accepts attacker-controlled fs input. Since the rc.GetFs function supports inline backend definitions, an unauthenticat...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References37
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.8 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: gitleaks, sftpgo, terraform, hubble-ui, external-dns, infinispan-operator, mongo-tools, crossplane-provider-azure-sql, syft, docker-credential-ecr-login, configmap-reload, slsa-verifier, nats, grafana-mimir, argo-cd, falco-exporter, aws-load-balancer-controller, kbld...

7.5CVSS6.9AI score0.00621EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.12 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: gitleaks, sftpgo, terraform, hubble-ui, external-dns, infinispan-operator, mongo-tools, crossplane-provider-azure-sql, syft, docker-credential-ecr-login, configmap-reload, slsa-verifier, nats, grafana-mimir, argo-cd, falco-exporter, aws-load-balancer-controller, kbld...

7.5CVSS6.9AI score0.00349EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.9 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver, cadvisor, sftpgo, terraform, hubble-ui, amazon-cloudwatch-agent-operator, cilium-envoy, external-dns, aws-flb-kinesis, kubernetes-dashboard-auth, crossplane-provider-azure-sql, cluster-autoscaler, vault-secrets-webhook, yunikorn-k8shim, syft...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/08 7:17 p.m.10 views

GHSA-XMRV-PMRH-HHX2 vulnerabilities

Vulnerabilities for packages: flux-kustomize-controller, crossplane-provider-aws-eks-fips, crossplane-provider-aws-ec2-fips, crossplane-provider-aws-elbv2-fips, opencost-fips, tflint-fips, tflint, sops, vault-env, crossplane-provider-aws-ecr-fips, docker-fips, nemo, terraform-provider-acme,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/03/31 7:17 p.m.7 views

CVE-2026-32285 vulnerabilities

Vulnerabilities for packages: redpanda, witness, nfpm, grafana-beyla, influxd, tempo-fips, maru, rclone-fips, grafana, elastic-agent, grafana-alloy, eksctl, malcontent, opentelemetry-collector, ollama-fips, terraform-mcp-server, terragrunt-fips, prometheus, terragrunt, dgraph, teleport,...

7.5CVSS6.7AI score0.0075EPSS
Exploits1
Wolfi
Wolfi
added 2026/03/31 1:48 p.m.16 views

CVE-2026-32285 vulnerabilities

Vulnerabilities for packages: lazygit, tempo, ollama, opentelemetry-collector, k3s, dagger, teleport, minio, grafana-alloy, nuclei, k8sgpt, kubevela, terraform-mcp-server, vcluster, terragrunt, loki, eksctl, nfpm, malcontent, goreleaser, prometheus, redpanda, cri-tools, rclone, weaviate,...

7.5CVSS6.7AI score0.0075EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/28 12:0 a.m.5 views

rclone-1.73.3-1.1 on GA media (moderate)

rclone-1.73.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10419-1 Rating: moderate Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-33186 SUSE : 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N...

8.6CVSS5.9AI score0.01557EPSS
Exploits1
Rows per page
Query Builder