CVE-2026-55188 | RustFS is a distributed object storage system built in Rust.… | CVSS 8.2 HIGH

Description

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist, but does not verify that the caller has replication or administrator permissions. As a result, an authenticated user with no effective bucket or admin permissions can list remote replication target configuration for a bucket. Because the returned BucketTarget objects include remote target credentials, this can disclose replication access keys and secret keys. This vulnerability is fixed in 1.0.0-beta.9.

Metadata

CVE ID: CVE-2026-55188
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-16 15:20 UTC
Published: 2026-06-26 20:03 UTC
Last updated: 2026-06-27 03:11 UTC
Primary CWE: CWE-200
CWE-200: Exposure of Sensitive Information to an Unauthorize…
Vendor / Product: rustfs / rustfs
Sources: cve.org · NVD

Severity & Metrics

8.2 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
rustfs	rustfs	—	>= 1.0.0-alpha.1, <= 1.0.0-beta.8

Weakness (CWE)

CWE	Source	Description
CWE-200	cna	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-522	cna	CWE-522: Insufficiently Protected Credentials
CWE-862	cna	CWE-862: Missing Authorization
CWE-863	cna	CWE-863: Incorrect Authorization

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.2	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

References (1)

https://github.com/rustfs/rustfs/security/advisories/GHSA-796f-j7xp-hwf4 https://github.com/rustfs/rustfs/security/advisories/GHSA-796f-j7xp-hwf4