8.8

CVE-2026-22042

Exploit
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, he `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions (creating/updating users, groups, policies, and service accounts), this can lead to unauthorized IAM modification and privilege escalation. Version 1.0.0-alpha.79 fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RustfsRustfs Version1.0.0 Updatealpha1 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha10 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha11 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha12 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha13 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha14 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha15 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha16 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha17 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha18 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha19 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha2 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha20 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha21 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha22 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha23 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha24 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha25 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha26 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha27 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha28 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha29 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha3 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha30 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha31 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha32 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha33 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha34 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha35 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha36 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha37 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha38 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha39 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha4 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha40 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha41 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha42 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha43 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha44 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha45 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha46 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha47 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha48 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha49 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha5 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha50 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha51 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha52 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha53 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha54 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha55 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha56 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha57 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha58 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha59 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha6 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha60 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha61 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha62 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha63 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha64 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha65 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha66 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha67 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha68 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha69 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha7 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha70 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha71 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha72 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha73 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha74 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha75 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha76 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha77 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha78 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha8 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha9 SwPlatformrust
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.131
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 5.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.