Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

rucio — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting rucio. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rucio is a data management system designed for large-scale scientific data handling, primarily used in high-energy physics and research environments. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its nine recorded CVEs. The platform's distributed architecture and complex permission models have introduced security challenges, particularly around authentication and authorization. While no major public security incidents have been widely documented, the consistent discovery of critical vulnerabilities in its web interface and API components highlights ongoing security concerns for organizations relying on this infrastructure for sensitive data operations.

Top products by rucio: rucio helm-charts
CVE IDTitleCVSSSeverityPublished
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database — rucioCWE-89 8.8AIHighAI2026-05-06
CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API — rucioCWE-89 8.8AIHighAI2026-05-06
CVE-2026-25736 Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute — rucioCWE-79 6.1 Medium2026-02-25
CVE-2026-25735 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name — rucioCWE-79 6.1 Medium2026-02-25
CVE-2026-25734 Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata — rucioCWE-79 6.1 Medium2026-02-25
CVE-2026-25733 Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function — rucioCWE-79 7.3 High2026-02-25
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message — rucioCWE-204 5.3 Medium2026-02-25
CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability — rucioCWE-79 8.1 High2026-02-25
CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles — helm-chartsCWE-532 7.5AIHighAI2025-07-17

This page lists every published CVE security advisory associated with rucio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.