CVE-2026-47136
RustFS: Unauthenticated RustFS console license endpoint exposes license metadata
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license information such as the license subject and expiration timestamp. Any client that can reach the console listener can query this endpoint without credentials. This vulnerability is fixed in 1.0.0-beta.2.
| CWE | CWE-200 CWE-306 |
| Vendor | rustfs |
| Product | rustfs |
| Published | May 28, 2026 |
| Last Updated | May 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for rustfs rustfs
Be the first to know when new unknown vulnerabilities affecting rustfs rustfs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
rustfs / rustfs
< 1.0.0-beta.2