rustfs — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting rustfs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rustfs is a Rust-based filesystem designed for secure, high-performance storage operations. Its core use case involves providing a reliable file system implementation with memory safety guarantees. Historically, common vulnerabilities affecting similar Rust filesystem implementations include remote code execution flaws through malicious filesystem images, cross-site scripting vulnerabilities in web management interfaces, and privilege escalation through improper access control. Rustfs has demonstrated strong memory safety characteristics due to Rust's ownership model, though it has recorded 12 CVEs, primarily focusing on denial-of-service vulnerabilities and input validation issues in its API endpoints. No major security incidents have been publicly documented for this specific implementation.

Top products by rustfs: rustfs
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40937 | RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks | rustfs | CWE-862 | 8.3 | High | 2026-04-22 |
| CVE-2026-39360 | RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration | rustfs | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-27822 | Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover | rustfs | CWE-79 | 9.1 | Critical | 2026-02-25 |
| CVE-2026-27607 | RustFS's Missing Post Policy Validation leads to Arbitrary Object Write | rustfs | CWE-20 | 8.1 | High | 2026-02-25 |
| CVE-2026-24762 | RustFS Logs Sensitive Credentials in Plaintext | rustfs | CWE-532 | 6.5 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-21862 | RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers | rustfs | CWE-290 | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-22782 | RustFS RPC signature verification logs shared secret | rustfs | CWE-532 | 7.5 | - | 2026-01-16 |
| CVE-2026-22043 | RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting | rustfs | CWE-269 | 8.8 | - | 2026-01-08 |
| CVE-2026-22042 | RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation | rustfs | CWE-285 | 8.8 | - | 2026-01-08 |
| CVE-2025-69255 | RustFS gRPC GetMetrics deserialization panic enables remote DoS | rustfs | CWE-755 | 7.5 | - | 2026-01-07 |
| CVE-2025-68705 | RustFS Path Traversal Vulnerability | rustfs | CWE-22 | 6.5 | - | 2026-01-07 |
| CVE-2025-68926 | RustFS has a gRPC Hardcoded Token Authentication Bypass | rustfs | CWE-798 | 9.8 | Critical | 2025-12-30 |

This page lists every published CVE security advisory associated with rustfs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.