CVE-2026-27822

Exploit

EPSS 0.03%
Veröffentlicht 25.02.2026 03:16:07
Zuletzt bearbeitet 25.02.2026 15:36:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from `localStorage`, leading to full account takeover and system compromise. Version 1.0.0-alpha.83 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rustfs ≫ Rustfs Version1.0.0 Updatealpha1 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha10 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha11 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha12 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha13 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha14 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha15 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha16 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha17 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha18 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha19 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha2 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha20 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha21 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha22 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha23 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha24 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha25 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha26 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha27 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha28 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha29 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha3 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha30 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha31 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha32 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha33 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha34 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha35 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha36 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha37 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha38 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha39 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha4 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha40 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha41 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha42 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha43 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha44 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha45 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha46 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha47 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha48 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha49 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha5 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha50 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha51 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha52 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha53 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha54 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha55 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha56 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha57 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha58 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha59 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha6 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha60 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha61 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha62 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha63 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha64 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha65 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha66 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha67 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha68 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha69 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha7 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha70 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha71 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha72 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha73 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha74 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha75 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha76 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha77 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha78 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha79 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha8 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha80 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha81 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha82 SwPlatformrust

Rustfs ≫ Rustfs Version1.0.0 Updatealpha9 SwPlatformrust

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.093

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	9	2.3	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/rustfs/rustfs/security/advisories/GHSA-v9fg-3cr2-277j

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-27822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27822

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27822