Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-24762— RustFS Logs Sensitive Credentials in Plaintext

EPSS 0.05% · P15
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-24762

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RustFS Logs Sensitive Credentials in Plaintext
Source: NVD (National Vulnerability Database)
Vulnerability Description
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
rustfs 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
rustfs是RustFS开源的一个高性能对象存储系统。 rustfs alpha.13版本至alpha.81版本存在日志信息泄露漏洞,该漏洞源于将敏感凭据以明文记录到应用程序日志,可能导致凭据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
rustfsrustfs >= alpha.13, < alpha.82 -

II. Public POCs for CVE-2026-24762

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-24762

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: rustfs
Same vendor: rustfs
Same weakness: CWE-532

V. Comments for CVE-2026-24762

No comments yet

Leave a comment