Browse all 3 CVE security advisories affecting rclone. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rclone is a command-line utility for synchronizing files to and from various cloud storage providers, serving as a core tool for data migration and backup operations. Historically, it has been susceptible to remote code execution vulnerabilities through improper input validation and insecure default configurations, along with privilege escalation flaws due to insufficient permission checks. While no major security incidents have been widely documented, the three recorded CVEs highlight risks in authentication mechanisms and insecure temporary file handling. The tool's cross-platform nature and extensive provider support increase its attack surface, particularly when used with privileged credentials or in automated deployment scenarios where misconfigurations could lead to data compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41179 | RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution — rclone, CWE-78 | 9.8 | - | 2026-04-23 |
| CVE-2026-41176 | Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution — rclone, CWE-306 | 9.1 | - | 2026-04-22 |
| CVE-2024-52522 | Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata — rclone, CWE-59 | 8.2 | - | 2024-11-15 |
This page lists every published CVE security advisory associated with rclone. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.