Lucene search
K

259 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/04/24 12:0 a.m.4 views

Security update for rclone (critical)

openSUSE Security Update: Security update for rclone Announcement ID: openSUSE-SU-2026:0151-1 Rating: critical References: 1140423 1232964 1233422 1262438 1262439 Cross-References: CVE-2023-45286 CVE-2023-45288 CVE-2023-48795 CVE-2024-24786 CVE-2024-45337 CVE-2024-45338 CVE-2024-51744...

8.7CVSS6.8AI score0.01557EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/23 7:12 p.m.6 views

CVE-2026-41179

A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...

9.8CVSS6.2AI score0.09199EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/04/23 7:12 p.m.6 views

CVE-2026-41176

A flaw was found in Rclone, a command-line program designed for synchronizing files with various cloud storage providers. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, options/set, to disable the authorization mechanism for other RC methods. This vulnerability...

9.8CVSS5.7AI score0.34734EPSS
Exploits1References6
OSV
OSV
added 2026/04/23 4:22 p.m.5 views

OPENSUSE-SU-2026:20620-1 Security update for rclone

This update for rclone fixes the following issues: Changes in rclone: - Update to version 1.73.5: Version v1.73.5 operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179 rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176 rc: add...

10CVSS7.1AI score0.34734EPSS
Exploits9References16
OSV
OSV
added 2026/04/23 12:16 a.m.9 views

DEBIAN-CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2References1
NVD
NVD
added 2026/04/23 12:16 a.m.10 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS0.09199EPSS
Exploits2References10
OSV
OSV
added 2026/04/23 12:16 a.m.4 views

UBUNTU-CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References4
OSV
OSV
added 2026/04/23 12:16 a.m.3 views

UBUNTU-CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/23 12:3 a.m.40 views

CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS0.09199EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS5.9AI score0.09199EPSS
Exploits2References5Affected Software1
Snyk
Snyk
added 2026/04/23 12:3 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References2
CVE
CVE
added 2026/04/23 12:3 a.m.39 views

CVE-2026-41179

CVE-2026-41179 affects rclone before 1.73.5 where the RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. This allows an unauthenticated attacker to instantiate an attacker-controlled backend via rc.GetFs(...) and trigger WebDAV bearer_token_com...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References10Affected Software1
Debian CVE
Debian CVE
added 2026/04/23 12:3 a.m.4 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
AlpineLinux
AlpineLinux
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

Rclone 操作系统命令注入漏洞

Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports synchronization with various cloud storages, including Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2026/04/23 12:0 a.m.10 views

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/23 12:0 a.m.21 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.8AI score0.09199EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/22 11:57 p.m.5 views

CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.2CVSS5.8AI score0.34734EPSS
Exploits1References3
Rows per page
Query Builder