CVE-2026-25138

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

PT-2026-21985

Name of the Vulnerable Software and Affected Versions Rucio versions prior to 35.8.3 Rucio versions prior to 38.5.4 Rucio versions prior to 39.3.1 Description Rucio software contains a reflected Cross-site Scripting XSS issue in the rendering of the ExceptionMessage of the WebUI 500 error. This...

PT-2026-21999

Name of the Vulnerable Software and Affected Versions Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1 Description Rucio software contains a stored Cross-Site Scripting XSS issue within the Custom Rules function of the WebUI. Attackers can inject malicious code through the comment field, which ...

CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...