7.5

CVE-2026-22782

Exploit
RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers and enables forged RPC calls. In crates/ecstore/src/rpc/http_auth.rs, the invalid signature branch logs sensitive data. This log line includes secret and expected_signature, both derived from the shared HMAC key. Any invalidly signed request triggers this path. The function is reachable from RPC and admin request handlers. This vulnerability is fixed in 1.0.0-alpha.80.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RustfsRustfs Version1.0.0 Updatealpha1 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha10 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha11 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha12 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha13 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha14 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha15 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha16 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha17 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha18 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha19 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha2 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha20 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha21 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha22 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha23 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha24 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha25 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha26 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha27 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha28 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha29 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha3 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha30 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha31 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha32 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha33 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha34 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha35 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha36 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha37 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha38 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha39 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha4 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha40 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha41 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha42 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha43 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha44 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha45 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha46 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha47 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha48 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha49 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha5 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha50 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha51 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha52 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha53 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha54 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha55 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha56 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha57 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha58 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha59 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha6 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha60 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha61 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha62 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha63 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha64 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha65 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha66 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha67 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha68 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha69 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha7 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha70 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha71 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha72 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha73 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha74 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha75 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha76 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha77 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha78 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha79 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha8 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha9 SwPlatformrust
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.051
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com 2.9 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.