CVE-2026-27822
CRITICAL 9.0
Description
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from `localStorage`, leading to full account takeover and system compromise. Version 1.0.0-alpha.83 fixes the issue.
CVE details
CVSS v3.1 score: 9.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 2/25/2026
Last modified: 2/25/2026
Source: nvd
Honeypot sightings: 0
Affected products
rustfs:rustfs
Weaknesses (CWE)
CWE-79
References
https://github.com/rustfs/rustfs/security/advisories/GHSA-v9fg-3cr2-277j (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.