CVE-2026-24762
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.
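The class of flaw described above, as an added example that is not RustFS code: one common way credentials reach an INFO line is formatting a credential struct with a derived `Debug`, and the hardened form replaces it with a hand-written `Debug` that redacts. The type names, field names, `info_line` helper and sample values are assumptions made for illustration.

```rust
use std::fmt;

// Weak form: derived Debug prints every field verbatim.
#[derive(Debug)]
pub struct LeakyCredentials {
    pub access_key: String,
    pub secret_key: String,
    pub session_token: Option<String>,
}

// Hardened form: same fields, but Debug is written by hand below.
pub struct Credentials {
    pub access_key: String,
    pub secret_key: String,
    pub session_token: Option<String>,
}

// Keep a 4-character prefix of the access key so log lines can still be correlated.
fn key_hint(key: &str) -> String {
    let prefix: String = key.chars().take(4).collect();
    format!("{}***", prefix)
}

impl fmt::Debug for Credentials {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("Credentials")
            .field("access_key", &key_hint(&self.access_key))
            .field("secret_key", &"[REDACTED]")
            .field("session_token", &self.session_token.as_ref().map(|_| "[REDACTED]"))
            .finish()
    }
}

// Stand-in for an INFO-level log call: returns the line a logger would write.
pub fn info_line<T: fmt::Debug>(creds: &T) -> String {
    format!("INFO auth: loaded credentials {:?}", creds)
}

fn main() {
    // Constructed sample values, not real keys.
    let (ak, sk, tok) = ("EXAMPLEACCESSKEY", "example-secret-value", "example-session-token");
    let leaky = LeakyCredentials { access_key: ak.into(), secret_key: sk.into(), session_token: Some(tok.into()) };
    let safe = Credentials { access_key: ak.into(), secret_key: sk.into(), session_token: Some(tok.into()) };
    println!("{}", info_line(&leaky)); // all three values appear in plaintext
    println!("{}", info_line(&safe)); // only the access-key prefix appears
}
```

Redacting at the type rather than at each call site means any later log statement that formats the struct inherits the protection.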
Analysis
RustFS versions up to 1.0.0 are affected by insertion of sensitive information into a log file (CVSS 7.5).
Remediation
Within 24 hours: Identify all systems running RustFS up to version 1.0.0 and classify the data sensitivity of affected systems. Within 7 days: Implement compensating controls including log encryption, access restrictions to log files (file permissions 600/700), and centralized secure log aggregation with encryption in transit. …
GHSA-r54g-49rx-98cr