{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T19:31:10.724","vulnerabilities":[{"cve":{"id":"CVE-2026-27607","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T03:16:04.787","lastModified":"2026-02-25T15:37:08.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enables unauthorized file uploads exceeding size limits, uploads to arbitrary object keys, and content-type spoofing, potentially leading to storage exhaustion, unauthorized data access, and security bypasses. Version 1.0.0-alpha.83 fixes the issue."},{"lang":"es","value":"RustFS es un sistema de almacenamiento de objetos distribuido construido en Rust. En las versiones desde la 1.0.0-alpha.56 hasta la 1.0.0-alpha.82, RustFS no valida las condiciones de política en las cargas POST pre-firmadas (PostObject), permitiendo a los atacantes eludir las restricciones de content-length-range, starts-with y Content-Type. Esto permite cargas de archivos no autorizadas que exceden los límites de tamaño, cargas a claves de objeto arbitrarias y suplantación de Content-Type, lo que podría conducir a agotamiento del almacenamiento, acceso no autorizado a datos y elusión de seguridad. La versión 1.0.0-alpha.83 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha56:*:*:*:rust:*:*","matchCriteriaId":"5BE55B7E-3806-4F8A-B09C-7B9D173D3FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha57:*:*:*:rust:*:*","matchCriteriaId":"8CF07DA6-11F6-4A19-9FD9-1955EC22C779"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha58:*:*:*:rust:*:*","matchCriteriaId":"1A571B98-0EE7-46A6-8514-3E02F9CE969A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha59:*:*:*:rust:*:*","matchCriteriaId":"3263EEC7-94FF-4802-BCB2-0C3713079439"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha60:*:*:*:rust:*:*","matchCriteriaId":"FA13E6EE-A889-408E-8503-2F57A5E46CE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha61:*:*:*:rust:*:*","matchCriteriaId":"4D28A63E-ADE5-4DEC-8E75-0884A7011613"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha62:*:*:*:rust:*:*","matchCriteriaId":"21E6129E-565C-45AE-A0C8-2D1B623EEC9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha63:*:*:*:rust:*:*","matchCriteriaId":"046F640C-18E9-4FC4-812D-8E4CAAFCAE55"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha64:*:*:*:rust:*:*","matchCriteriaId":"BFB217B7-78AA-4D16-9A2B-863BD6CD01B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha65:*:*:*:rust:*:*","matchCriteriaId":"F8EEF3FF-410B-40F3-A144-CD61ED394109"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha66:*:*:*:rust:*:*","matchCriteriaId":"E3494138-7FE7-4152-935C-C1C35179064B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha67:*:*:*:rust:*:*","matchCriteriaId":"9E0461BC-0E45-4F9F-A837-4D9FC8852A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha68:*:*:*:rust:*:*","matchCriteriaId":"E259407D-61CF-4956-A456-57F131334456"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha69:*:*:*:rust:*:*","matchCriteriaId":"B6E44EF8-98A5-47F5-B7E9-3199EB08FAC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha70:*:*:*:rust:*:*","matchCriteriaId":"F4CBBD85-02F9-491A-8845-59EFB88F2DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha71:*:*:*:rust:*:*","matchCriteriaId":"2271380A-3AE1-4954-8D16-5065C8E88D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha72:*:*:*:rust:*:*","matchCriteriaId":"DB3F6C7E-71E4-427A-96F4-F62DE0ED9450"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha73:*:*:*:rust:*:*","matchCriteriaId":"980BEAAE-143E-4F28-9A2F-58CED3D296E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha74:*:*:*:rust:*:*","matchCriteriaId":"8E14C88E-CE9B-44DA-98DE-280C0D6E4C8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha75:*:*:*:rust:*:*","matchCriteriaId":"EEC13614-61AD-45A7-B7FA-07346D33CACF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha76:*:*:*:rust:*:*","matchCriteriaId":"6B3E9EB0-0A41-4146-B6A9-49B1A70358DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha77:*:*:*:rust:*:*","matchCriteriaId":"CBDD75C5-1A08-4758-9324-172C1D539322"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha78:*:*:*:rust:*:*","matchCriteriaId":"96461CC0-012C-40D7-B1CB-FF9A6B7EB644"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha79:*:*:*:rust:*:*","matchCriteriaId":"9AA7AE2E-83E3-4796-8569-16030DB2CF38"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha80:*:*:*:rust:*:*","matchCriteriaId":"73638EAF-BCA6-4BD8-90E5-3A53EFD0FD5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha81:*:*:*:rust:*:*","matchCriteriaId":"48BCB4A7-57C5-4FAA-860D-B862947EE352"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha82:*:*:*:rust:*:*","matchCriteriaId":"0EA73A06-6AEA-45DF-B819-D25AA9BBEBA7"}]}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-w5fh-f8xh-5x3p","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}