CNNVD-202601-1156 Information

CNNVD ID

CNNVD-202601-1156

Related CVE

CVE-2025-68705

• CNNVD Published: 2026-01-07

Description (Chinese)

rustfs是RustFS开源的一个高性能对象存储系统。 rustfs 1.0.0-alpha.13版本至1.0.0-alpha.78版本存在路径遍历漏洞，该漏洞源于/rustfs/rpc/read_file_stream端点存在路径遍历。

Description (English)

Rustfs is a high performance object storage system for RustFS open sources. Rustfs 1.0.0-alpha.13 to 1.0.0-alpha.78 have path-to-path loopholes, which originate from the path-to-path of /rustfs/rpc/read file stream.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

RustFS

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc

Patch

https://rustfs.com/download/