Auth bypass in Rustfs
CVE-2026-47136
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the…
Vulnerability class: Information Disclosure
EPSS: 0.001 (18.7th percentile) — read the EPSS interpretation.
Affected products
- Rustfs — versions < 1.0.0-beta.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)