CVE-2026-24762

Medium CVSS: 6.9

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.

Vendor

Rustfs

Product

Rustfs

CWE

CWE-532

Yayın Tarihi

2026-02-03 16:16:14

Güncelleme

2026-02-23 18:18:34

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-532 Rustfs MEDIUM Rustfs 2026

Referanslar

https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr

Benzer Kayıtlar

Critical

CVE-2026-27822

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Script…

High

CVE-2026-27607

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS d…

High

CVE-2026-21862

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be b…

Low

CVE-2026-22782

RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signat…

Medium

CVE-2026-22042

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, he `ImportIam` admin API v…

Medium

CVE-2026-22043

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed…