7.7

CVE-2026-21862

RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. This issue has been patched in version alpha.78.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RustfsRustfs Version1.0.0 Updatealpha1 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha10 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha11 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha12 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha13 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha14 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha15 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha16 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha17 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha18 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha19 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha2 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha20 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha21 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha22 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha23 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha24 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha25 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha26 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha27 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha28 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha29 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha3 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha30 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha31 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha32 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha33 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha34 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha35 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha36 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha37 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha38 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha39 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha4 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha40 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha41 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha42 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha43 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha44 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha45 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha46 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha47 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha48 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha49 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha5 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha50 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha51 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha52 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha53 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha54 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha55 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha56 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha57 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha58 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha59 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha6 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha60 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha61 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha62 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha63 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha64 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha65 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha66 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha67 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha68 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha69 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha7 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha70 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha71 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha72 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha73 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha74 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha75 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha76 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha77 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha8 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha9 SwPlatformrust
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.113
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com 7.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://github.com/rustfs/rustfs/security/advisories/GHSA-fc6g-2gcp-2qrq
Vendor Advisory