Rustfs
This hub aggregates every CVE we track for Rustfs, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 13
- Critical: 5
- High: 6
- In CISA KEV: 0
Severity distribution
HIGH: 6, CRITICAL: 5, MEDIUM: 2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
5
4
0
2
1
0
2024-072026-06
Latest CVEs
The 13 most recently published vulnerabilities affecting Rustfs.
- CVE-2026-45039: RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation (9.8)
- CVE-2026-40937: RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks (8.3)
- CVE-2026-39360: RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration (4.3)
- CVE-2026-27822: Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover (9.0)
- CVE-2026-27607: RustFS's Missing Post Policy Validation leads to Arbitrary Object Write (8.1)
- CVE-2026-24762: RustFS Logs Sensitive Credentials in Plaintext (7.5)
- CVE-2026-21862: RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers (7.5)
- CVE-2026-22782: RustFS RPC signature verification logs shared secret (7.5)
- CVE-2026-22043: RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting (9.8)
- CVE-2026-22042: RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation (8.8)
- CVE-2025-69255: RustFS gRPC GetMetrics deserialization panic enables remote DoS (4.0)
- CVE-2025-68705: RustFS Path Traversal Vulnerability (9.8)
- CVE-2025-68926: RustFS has a gRPC Hardcoded Token Authentication Bypass (9.8)
Product normalization is registry-driven with AI assist and human review.