Privilege escalation in Rustfs
CVE-2026-45043
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent id…
Vulnerability class: Privilege Escalation
EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.
Affected products
- Rustfs — versions < 1.0.0-beta.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)