{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T06:57:14.930","vulnerabilities":[{"cve":{"id":"CVE-2026-22042","sourceIdentifier":"security-advisories@github.com","published":"2026-01-08T15:15:45.443","lastModified":"2026-01-15T21:11:34.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions (creating/updating users, groups, policies, and service accounts), this can lead to unauthorized IAM modification and privilege escalation. Version 1.0.0-alpha.79 fixes the issue."},{"lang":"es","value":"RustFS es un sistema de almacenamiento de objetos distribuido construido en Rust. Antes de la versión 1.0.0-alpha.79, la API de administración 'ImportIam' valida los permisos usando 'ExportIAMAction' en lugar de 'ImportIAMAction', permitiendo que una entidad con permisos IAM solo de exportación realice operaciones de importación. Dado que la importación de datos IAM realiza acciones de escritura privilegiadas (creación/actualización de usuarios, grupos, políticas y cuentas de servicio), esto puede llevar a una modificación no autorizada de IAM y escalada de privilegios. 
La versión 1.0.0-alpha.79 corrige el problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"
source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha1:*:*:*:rust:*:*","matchCriteriaId":"454A2F3A-76CF-4F2D-97FE-AEDEBE8FF1CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha10:*:*:*:rust:*:*","matchCriteriaId":"32B2D146-7920-4C6D-B42F-1BDDF5193394"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha11:*:*:*:rust:*:*","matchCriteriaId":"B25BC365-35BA-438A-B5B1-3FA696767821"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha12:*:*:*:rust:*:*","matchCriteriaId":"B69213F1-7D94-4185-9309-FF3140733550"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha13:*:*:*:rust:*:*","matchCriteriaId":"BD2476D6-257C-4A96-BED4-D8B002402242"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha14:*:*:*:rust:*:*","matchCriteriaId":"774EC64C-73ED-4D6B-893B-30A066DA934C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha15:*:*:*:rust:*:*","matchCriteriaId":"4B567F4F-131F-4D4B-8C0C-9212F22F2BB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha16:*:*:*:rust:*:*","matchCriteriaId":"711F7641-A2B2-410B-B05D-6656F9A1798F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha17:*:*:*:rust:*:*","matchCriteriaId":"EB79AC62-2B79-441C-BC09-4C834C32EADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha18:*:*:*:rust:*:*","matchCriteriaId":"62DE84EE-9F3B-460A-AC13-D2B8CCBC5B4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha19:*:*:*:rust:*:*","matchCriteriaId":"DEF70599-6550-49D2-9800-FE3249A66568"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha2:*:*:*:rust:*:*","matchCriteriaId":"550786BD-A6A4-454B-B
DAB-67AE64DABCA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha20:*:*:*:rust:*:*","matchCriteriaId":"FDFE93A5-B6D7-482A-A891-4D8844604C07"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha21:*:*:*:rust:*:*","matchCriteriaId":"79AC4F00-B006-46C2-863F-2946BB02B58E"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha22:*:*:*:rust:*:*","matchCriteriaId":"E313A243-ED56-498D-988F-E088693EBB61"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha23:*:*:*:rust:*:*","matchCriteriaId":"D3A60CB7-1F01-4A60-8555-C225AC89B959"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha24:*:*:*:rust:*:*","matchCriteriaId":"1C98618D-CF5D-406B-8AA5-34B412F3D43D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha25:*:*:*:rust:*:*","matchCriteriaId":"98373960-FEDB-4933-92D5-2A597045DD23"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha26:*:*:*:rust:*:*","matchCriteriaId":"83E0E1A5-3C07-45FF-80FD-0DB375E1575E"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha27:*:*:*:rust:*:*","matchCriteriaId":"C2D66076-4005-4F58-A8E2-69062053D786"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha28:*:*:*:rust:*:*","matchCriteriaId":"1D8CB0F5-299F-4BB0-B264-F5642DD991C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha29:*:*:*:rust:*:*","matchCriteriaId":"96E20418-FE0C-4202-8771-FFF8EBB1B62D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha3:*:*:*:rust:*:*","matchCriteriaId":"C16A625B-3FC4-48EB-9107-6E7585080D15"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha30:*:*:*:rust:*:*","matchCriteriaId":"810A17F9-AEEA-4396-B437-120789BBE882"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha31:*:*:*:rust:*:*","matchCriteriaId":"7B1FECD4-E993-417D-AEA7-F8E97DC6A5FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha32:*:*:*:rust:*:*","matchCriteriaId":"3839F299-E0E7-4994-
A8AC-B67A534C9847"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha33:*:*:*:rust:*:*","matchCriteriaId":"46CAEA4E-5DFD-4668-ABF0-DC53EB04EE7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha34:*:*:*:rust:*:*","matchCriteriaId":"591075AB-81EF-4D42-A2A0-FA28BC6B78CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha35:*:*:*:rust:*:*","matchCriteriaId":"FD46ED07-6DCC-4BF8-A4E8-78B2FF6DCE4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha36:*:*:*:rust:*:*","matchCriteriaId":"6DF15533-D6E1-49B0-B30A-6FEECC7AE06C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha37:*:*:*:rust:*:*","matchCriteriaId":"EC68F03A-D299-4BFB-A99E-4B08E4E0848F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha38:*:*:*:rust:*:*","matchCriteriaId":"0DD60024-CAB2-4DA6-A9CA-503D2631E98B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha39:*:*:*:rust:*:*","matchCriteriaId":"32470ED0-7873-41A3-B2D5-7CD444ED0A45"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha4:*:*:*:rust:*:*","matchCriteriaId":"A88E9293-4B7C-4C52-9943-47197DB55D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha40:*:*:*:rust:*:*","matchCriteriaId":"E2EFC74D-40E7-426C-9F7B-3B654F2B940F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha41:*:*:*:rust:*:*","matchCriteriaId":"EAAF504E-51A5-492B-887E-BB67788B899C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha42:*:*:*:rust:*:*","matchCriteriaId":"35C83244-D2C7-4D70-9C0B-D0590B00C608"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha43:*:*:*:rust:*:*","matchCriteriaId":"429E4ECD-997A-4D3B-9DE2-60835AE14473"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha44:*:*:*:rust:*:*","matchCriteriaId":"5DDDBAA5-D207-498C-A6F0-79F07806C511"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha45:*:*:*:rust:*:*","matchCriteriaId":"81758B85-6D2B-4914
-96EC-E4CCDE2F9A52"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha46:*:*:*:rust:*:*","matchCriteriaId":"D439B484-E32D-4A6A-84EE-9307A028F736"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha47:*:*:*:rust:*:*","matchCriteriaId":"FDA137F7-DC8A-44F4-8061-F502AC8DD7BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha48:*:*:*:rust:*:*","matchCriteriaId":"AE3EF7B3-E8C0-4844-9165-3A26EB426615"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha49:*:*:*:rust:*:*","matchCriteriaId":"EB40D926-AE20-46A7-9B6E-ED1BADB9A08B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha5:*:*:*:rust:*:*","matchCriteriaId":"7F5E8DE5-ABB0-4884-B473-07FA596A8707"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha50:*:*:*:rust:*:*","matchCriteriaId":"3A43A950-59A6-4343-815A-953C11DC3F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha51:*:*:*:rust:*:*","matchCriteriaId":"87B36190-C30B-45BC-9738-BE0B3321025D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha52:*:*:*:rust:*:*","matchCriteriaId":"86A2967C-E2C6-4C73-9BDE-CCECACDB2B02"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha53:*:*:*:rust:*:*","matchCriteriaId":"5E10A654-E265-4469-8099-ABBB1F5D8BCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha54:*:*:*:rust:*:*","matchCriteriaId":"762591A8-A0A2-45D2-B15F-1E85DFC5CA86"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha55:*:*:*:rust:*:*","matchCriteriaId":"53DE196C-1914-40AE-854D-4988073D57C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha56:*:*:*:rust:*:*","matchCriteriaId":"5BE55B7E-3806-4F8A-B09C-7B9D173D3FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha57:*:*:*:rust:*:*","matchCriteriaId":"8CF07DA6-11F6-4A19-9FD9-1955EC22C779"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha58:*:*:*:rust:*:*","matchCriteriaId":"1A571B98-0EE7-46A
6-8514-3E02F9CE969A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha59:*:*:*:rust:*:*","matchCriteriaId":"3263EEC7-94FF-4802-BCB2-0C3713079439"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha6:*:*:*:rust:*:*","matchCriteriaId":"2B55C391-0232-4F06-A9D8-3663FA564E81"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha60:*:*:*:rust:*:*","matchCriteriaId":"FA13E6EE-A889-408E-8503-2F57A5E46CE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha61:*:*:*:rust:*:*","matchCriteriaId":"4D28A63E-ADE5-4DEC-8E75-0884A7011613"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha62:*:*:*:rust:*:*","matchCriteriaId":"21E6129E-565C-45AE-A0C8-2D1B623EEC9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha63:*:*:*:rust:*:*","matchCriteriaId":"046F640C-18E9-4FC4-812D-8E4CAAFCAE55"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha64:*:*:*:rust:*:*","matchCriteriaId":"BFB217B7-78AA-4D16-9A2B-863BD6CD01B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha65:*:*:*:rust:*:*","matchCriteriaId":"F8EEF3FF-410B-40F3-A144-CD61ED394109"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha66:*:*:*:rust:*:*","matchCriteriaId":"E3494138-7FE7-4152-935C-C1C35179064B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha67:*:*:*:rust:*:*","matchCriteriaId":"9E0461BC-0E45-4F9F-A837-4D9FC8852A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha68:*:*:*:rust:*:*","matchCriteriaId":"E259407D-61CF-4956-A456-57F131334456"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha69:*:*:*:rust:*:*","matchCriteriaId":"B6E44EF8-98A5-47F5-B7E9-3199EB08FAC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha7:*:*:*:rust:*:*","matchCriteriaId":"54AB158B-F536-4627-8C6B-65AEE112FDF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha70:*:*:*:rust:*:*","matchCriteriaId":"F4CBBD85-02F9-491
A-8845-59EFB88F2DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha71:*:*:*:rust:*:*","matchCriteriaId":"2271380A-3AE1-4954-8D16-5065C8E88D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha72:*:*:*:rust:*:*","matchCriteriaId":"DB3F6C7E-71E4-427A-96F4-F62DE0ED9450"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha73:*:*:*:rust:*:*","matchCriteriaId":"980BEAAE-143E-4F28-9A2F-58CED3D296E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha74:*:*:*:rust:*:*","matchCriteriaId":"8E14C88E-CE9B-44DA-98DE-280C0D6E4C8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha75:*:*:*:rust:*:*","matchCriteriaId":"EEC13614-61AD-45A7-B7FA-07346D33CACF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha76:*:*:*:rust:*:*","matchCriteriaId":"6B3E9EB0-0A41-4146-B6A9-49B1A70358DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha77:*:*:*:rust:*:*","matchCriteriaId":"CBDD75C5-1A08-4758-9324-172C1D539322"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha78:*:*:*:rust:*:*","matchCriteriaId":"96461CC0-012C-40D7-B1CB-FF9A6B7EB644"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha8:*:*:*:rust:*:*","matchCriteriaId":"F800AEB3-3AD7-42D8-BC3A-23703851435B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha9:*:*:*:rust:*:*","matchCriteriaId":"5821FADC-CF73-4639-911A-F3302D239B7C"}]}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-vcwh-pff9-64cc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-vcwh-pff9-64cc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}