rustfs

Top products

The 13 most recently published vulnerabilities affecting rustfs.

• CVE-2026-45039RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation9.8May 28, 2026
• CVE-2026-40937RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks8.3Apr 22, 2026
• CVE-2026-39360RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration4.3Apr 7, 2026
• CVE-2026-27822Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover9.0Feb 25, 2026
• CVE-2026-27607RustFS's Missing Post Policy Validation leads to Arbitrary Object Write8.1Feb 25, 2026
• CVE-2026-24762RustFS Logs Sensitive Credentials in Plaintext7.5Feb 3, 2026
• CVE-2026-21862RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers7.5Feb 3, 2026
• CVE-2026-22782RustFS RPC signature verification logs shared secret7.5Jan 16, 2026
• CVE-2026-22043RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting9.8Jan 8, 2026
• CVE-2026-22042RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation8.8Jan 8, 2026
• CVE-2025-69255RustFS gRPC GetMetrics deserialization panic enables remote DoS4.0Jan 7, 2026
• CVE-2025-68705RustFS Path Traversal Vulnerability9.8Jan 7, 2026
• CVE-2025-68926RustFS has a gRPC Hardcoded Token Authentication Bypass9.8Dec 30, 2025