MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-27607

🔴 HIGH

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allow...

Published
Feb 25, 2026
Last Modified
Feb 25, 2026
Views
19
Bookmarks
0

Description

Request Expert Review

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enables unauthorized file uploads exceeding size limits, uploads to arbitrary object keys, and content-type spoofing, potentially leading to storage exhaustion, unauthorized data access, and security bypasses. Version 1.0.0-alpha.83 fixes the issue.

Affected Products (27)

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

rustfs - rustfs

Version: 1.0.0

CVSS Scores

CVSS 3.1 8.1
8.1
HIGH
CVSS 2.0 8.1

References

github.com

Additional Information

Source
security-advisories@github.com
State
Analyzed

Related CVEs

CVE-2026-3979

MEDIUM

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation...

Score: 5.3

CVE-2026-3978

HIGH

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipul...

Score: 8.8

CVE-2026-3977

MEDIUM

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. Th...

Score: 6.3

CVE-2026-3976

HIGH

A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the co...

Score: 8.8

CVE-2026-3975

HIGH

A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterG...

Score: 8.8

CVE-2026-3974

HIGH

A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the...

Score: 8.8

Share CVE-2026-27607

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-27607 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis