CVE-2026-22043

Exploit

EPSS 0.02%
Veröffentlicht 08.01.2026 15:15:45
Zuletzt bearbeitet 15.01.2026 21:13:08
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Version 1.0.0-alpha.79 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rustfs ≫ Rustfs Version1.0.0 Updatealpha13 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha14 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha15 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha16 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha17 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha18 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha19 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha20 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha21 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha22 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha23 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha24 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha25 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha26 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha27 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha28 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha29 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha30 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha31 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha32 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha33 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha34 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha35 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha36 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha37 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha38 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha39 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha40 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha41 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha42 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha43 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha44 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha45 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha46 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha47 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha48 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha49 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha50 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha51 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha52 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha53 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha54 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha55 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha56 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha57 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha58 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha59 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha60 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha61 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha62 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha63 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha64 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha65 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha66 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha67 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha68 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha69 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha70 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha71 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha72 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha73 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha74 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha75 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha76 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha77 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha78 SwPlatformrust

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.051

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	5.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://github.com/rustfs/rustfs/security/advisories/GHSA-xgr5-qc6w-vcg9

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-22043

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22043

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22043

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22043