CVE-2026-55188

HIGH 8.2

RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials

CVSS Score

8.2

EPSS Score

0.0%

EPSS Percentile

0th

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist, but does not verify that the caller has replication or administrator permissions. As a result, an authenticated user with no effective bucket or admin permissions can list remote replication target configuration for a bucket. Because the returned BucketTarget objects include remote target credentials, this can disclose replication access keys and secret keys. This vulnerability is fixed in 1.0.0-beta.9.

CWE	CWE-200 CWE-522 CWE-862 CWE-863
Vendor	rustfs
Product	rustfs
Published	Jun 26, 2026

Stay Ahead of the Next One

Get instant alerts for rustfs rustfs

Be the first to know when new high vulnerabilities affecting rustfs rustfs are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

rustfs / rustfs

>= 1.0.0-alpha.1, <= 1.0.0-beta.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/rustfs/rustfs/security/advisories/GHSA-796f-j7xp-hwf4