CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-21862

RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. This issue has been patched in version alpha.78.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/rustfs/rustfs/security/advisories/GHSA-fc6g-2gcp-2qrq

Products affected by CVE-2026-21862

Rustfs » Rustfs » Version: 1.0.0

cpe:2.3:a:rustfs:rustfs:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-21862

Products

Pricing

Contact Us