← Back to CVEs
CVE-2026-24762
HIGH7.5
Description
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/3/2026
Last Modified2/23/2026
Sourcenvd
Honeypot Sightings0
Affected Products
rustfs:rustfs
Weaknesses (CWE)
CWE-532
References
https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.