CNNVD-202601-1457 Information

CNNVD ID

CNNVD-202601-1457

Related CVE

CVE-2026-22042

• CNNVD Published: 2026-01-08

Description (Chinese)

rustfs是RustFS开源的一个高性能对象存储系统。 rustfs 1.0.0-alpha.79之前版本存在安全漏洞，该漏洞源于使用ExportIAMAction而非ImportIAMAction验证权限，可能导致未经授权的IAM修改和权限提升。

Description (English)

Rustfs is a high performance object storage system for RustFS open sources. The previous version of the rustfs 1.0.0.0-alpha.79 contains a security loophole, which stems from the use of the ExportIAMaction, rather than the ImportIAMAtion, which could lead to unauthorized IAM modifications and enhanced privileges.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

RustFS

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/rustfs/rustfs/security/advisories/GHSA-vcwh-pff9-64cc https://access.redhat.com/security/cve/cve-2026-22042

Patch

https://rustfs.com/download/