Vulnerability in Rustfs
CVE-2026-45041
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses it in production via parse_license() to "…
EPSS: 0.001 (17.1th percentile) — read the EPSS interpretation.
Affected products
- Rustfs — versions < 1.0.0-beta.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)