| CVE-2026-40937 |
unknown |
— |
— |
|
|
|
1mo ago |
RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks |
| CVE-2026-39360 |
unknown |
— |
— |
|
|
|
2mo ago |
RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration |
| CVE-2026-27822 |
unknown |
— |
— |
|
|
|
3mo ago |
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover |
| CVE-2026-27607 |
unknown |
— |
— |
|
|
|
3mo ago |
RustFS: Missing Post Policy Validation leads to Arbitrary Object Write |
| CVE-2026-24762 |
unknown |
— |
— |
|
|
|
4mo ago |
RustFS Logs Sensitive Credentials in Plaintext |
| CVE-2026-21862 |
unknown |
— |
— |
|
|
|
4mo ago |
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers |
| CVE-2026-22782 |
unknown |
— |
— |
|
|
|
4mo ago |
RustFS's RPC signature verification logs shared secret |
| CVE-2026-22043 |
unknown |
— |
— |
|
|
|
5mo ago |
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting |
| CVE-2026-22042 |
unknown |
— |
— |
|
|
|
5mo ago |
RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation |
| CVE-2025-69255 |
unknown |
— |
— |
|
|
|
5mo ago |
RustFS gRPC GetMetrics deserialization panic enables remote DoS |
| CVE-2025-68705 |
unknown |
— |
— |
|
|
|
5mo ago |
RustFS Path Traversal Vulnerability |
| CVE-2025-68926 |
unknown |
— |
— |
|
|
|
5mo ago |
RustFS has a gRPC Hardcoded Token Authentication Bypass |