7 matches found

NVD
added last week, 7 views

CVE-2026-45039

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...

CVSS 9.8, EPSS 0.00054
Exploits: 0, References: 1

Vulnrichment
added last week, 5 views

CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVSS 6.9, AI score 5.8, EPSS 0.00059
Exploits: 0, References: 1

Vulnrichment
added 2026/02/25 2:10 a.m., 1 view

CVE-2026-27607 RustFS's Missing Post Policy Validation leads to Arbitrary Object Write

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enabl...

CVSS 8.1, AI score 5.6, EPSS 0.00122
Exploits: 0, References: 1

OSV
added 2026/02/03 5:31 p.m., 4 views

GHSA-FC6G-2GCP-2QRQ RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

Summary: IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details: Vulnerable code: rustfs/src/auth.rs:289-304 sets...

CVSS 8.7, AI score 5.5, EPSS 0.00044
Exploits: 0, References: 4

ATTACKERKB
added 2026/02/03 4:6 p.m., 3 views

CVE-2026-21862

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...

CVSS 8.7, AI score 5.3, EPSS 0.00044
Exploits: 0, References: 2

CNNVD
added 2026/02/03 12:0 a.m., 2 views

rustfs log information disclosure vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS from alpha.13 to alpha.81 have a vulnerability related to log information leakage. This vulnerability stems from storing sensitive credentials as plain-text records in application logs, which can lead to...

CVSS 7.5, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 2

GithubExploit
added 2026/01/08 4:11 a.m., 166 views

Exploit for CVE-2025-68705

CVE-2025-68705 - RustFS Path Traversal Exploit Description...

CVSS 9.3, AI score 7, EPSS 0.00072
Exploits: 3