CVE-2026-27822

Critical CVSS: 9.0

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from `localStorage`, leading to full account takeover and system compromise. Version 1.0.0-alpha.83 fixes the issue.

Vendor

Rustfs

Product

Rustfs

CWE

CWE-79

Yayın Tarihi

2026-02-25 03:16:07

Güncelleme

2026-02-25 15:36:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Rustfs CRITICAL Rustfs 2026

Referanslar

https://github.com/rustfs/rustfs/security/advisories/GHSA-v9fg-3cr2-277j

Benzer Kayıtlar

High

CVE-2026-27607

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS d…

Medium

CVE-2026-24762

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive c…

High

CVE-2026-21862

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be b…

Low

CVE-2026-22782

RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signat…

Medium

CVE-2026-22042

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, he `ImportIam` admin API v…

Medium

CVE-2026-22043

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed…