CNNVD-202601-1456 Information

CNNVD ID

CNNVD-202601-1456

Related CVE

CVE-2026-22043

• CNNVD Published: 2026-01-08

Description (Chinese)

rustfs是RustFS开源的一个高性能对象存储系统。 rustfs 1.0.0-alpha.13版本至1.0.0-alpha.78版本存在安全漏洞，该漏洞源于deny_only短路逻辑缺陷，可能导致权限提升和绕过会话策略限制。

Description (English)

Rustfs is a high performance object storage system for RustFS open sources. Rustfs 1.0.0-alpha.13 to 1.0.0-alpha.78 have a security loophole, which stems from a Deny only short-circuit logic flaw, which may lead to the increase of privileges and circumvention of session strategy limits.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

RustFS

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/rustfs/rustfs/security/advisories/GHSA-xgr5-qc6w-vcg9 https://access.redhat.com/security/cve/cve-2026-22043

Patch

https://rustfs.com/download/