Auth bypass in RustFS

CVE-2026-45044

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke p…

Vulnerability class: Broken Authentication

EPSS: 0.001 (22.6th percentile)

Affected products

  • Rustfs — versions < 1.0.0-beta.2
