CVE-2026-45040
RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode]
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
9th
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken (JWT), SecretAccessKey, and full JWT claims are printed in plaintext to the server logs. This vulnerability is fixed in 1.0.0-beta.2.
| CWE | CWE-312 CWE-532 |
| Vendor | rustfs |
| Product | rustfs |
| Published | May 28, 2026 |
| Last Updated | Jun 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for rustfs rustfs
Be the first to know when new unknown vulnerabilities affecting rustfs rustfs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
rustfs / rustfs
< 1.0.0-beta.2