Auth bypass in Rustfs

CVE-2026-45042

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed c…

Vulnerability class: Broken Access Control

EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.