Skip to main content

rclone CVE-2026-41179

CRITICAL
OS Command Injection (CWE-78)
2026-04-22 https://github.com/rclone/rclone GHSA-jfwf-28xr-xw6q
9.2
CVSS 4.0 · Vendor: https://github.com/rclone/rclone
Share

Severity by source

Vendor (https://github.com/rclone/rclone) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
CRITICAL
qualitative
Red Hat
9.8 HIGH
qualitative

Primary rating from Vendor (https://github.com/rclone/rclone).

CVSS VectorVendor: https://github.com/rclone/rclone

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
PoC Detected
Apr 27, 2026 - 18:18 vuln.today
Public exploit code
Patch released
Apr 23, 2026 - 02:30 nvd
Patch available
Analysis Updated
Apr 23, 2026 - 00:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 23, 2026 - 00:22 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 00:22 NVD
9.2 (CRITICAL)
Analysis Generated
Apr 22, 2026 - 15:01 vuln.today
Analysis Generated
Apr 22, 2026 - 14:45 vuln.today
CVE Published
Apr 22, 2026 - 14:45 nvd
CRITICAL 9.2

DescriptionCVE.org

Summary

The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs(...) supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, bearer_token_command is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication.

Preconditions

Preconditions for this vulnerability are:

  • The rclone remote control API must be enabled, either by the --rc flag or by running the rclone rcd server
  • The remote control API must be reachable by the attacker - by default rclone only serves the rc to localhost unless the --rc-addr flag is in use
  • The rc must have been deployed without global RC HTTP authentication - so not using --rc-user/--rc-pass/--rc-htpasswd/etc

Details

The root cause consists of the following pieces:

  1. operations/fsinfo is not protected with AuthRequired: true
  2. operations/fsinfo calls rc.GetFs(...) on attacker-controlled input
  3. rc.GetFs(...) supports inline backend creation through object-valued fs
  4. WebDAV backend initialization executes bearer_token_command

Relevant code paths:

  • fs/operations/rc.go
  • operations/fsinfo is registered without AuthRequired: true
  • rcFsInfo() calls rc.GetFs(ctx, in)
  • fs/rc/cache.go
  • GetFs() / GetFsNamed() can parse an object-valued fs
  • getConfigMap() converts attacker-controlled JSON into a backend config string
  • backend/webdav/webdav.go
  • bearer_token_command is a supported backend option
  • NewFs(...) calls fetchAndSetBearerToken() when bearer_token_command is set
  • fetchBearerToken() invokes exec.Command(...)

This creates a practical single-request unauthenticated command-execution primitive on reachable RC servers without global HTTP authentication.

This was alidated on:

  • current master as of 2026-04-14: bf55d5e6d37fd86164a87782191f9e1ffcaafa82
  • latest public release tested locally: v1.73.4

This was also validated on a public amd64 Ubuntu host controlled by the tester, using direct host execution (not containerized PoC execution).

PoC

Minimal single-request form PoC

Start a vulnerable RC server:

bash
rclone rcd --rc-addr 127.0.0.1:5572

No --rc-user, no --rc-pass, no --rc-htpasswd.

Then send a single request:

bash
curl -sS -X POST http://127.0.0.1:5572/operations/fsinfo \
  --data-urlencode "fs=:webdav,url='http://127.0.0.1/',vendor=other,bearer_token_command='/usr/bin/touch /tmp/rclone_fsinfo_rce_poc_marker':"

Expected result:

  • HTTP 200 JSON response from operations/fsinfo
  • /tmp/rclone_fsinfo_rce_poc_marker is created on the host

Impact

This is effectively a single-request unauthenticated command-execution vulnerability on reachable RC deployments without global HTTP authentication.

In practice, command execution in the rclone process context can lead to higher-impact outcomes such as local file read, file write, or shell access, depending on the deployed environment.

Testing performed

This was successfully reproduced:

  • on a local test environment
  • on a public amd64 Ubuntu host controlled by the tester

On the public host it was confirmed:

  • the unauthenticated operations/fsinfo exploit worked
  • command execution occurred on the host
  • the issue was reproducible through direct host execution

AnalysisAI

Remote code execution via unauthenticated command injection in rclone's remote control API allows network attackers to execute arbitrary commands on the host system through a single HTTP request. The vulnerability affects rclone deployments with the RC API enabled (--rc or rclone rcd) that are network-accessible and lack global HTTP authentication. An attacker exploits the unprotected operations/fsinfo endpoint by crafting a WebDAV backend definition with a malicious bearer_token_command parameter, which executes during backend initialization. Confirmed exploitable on master branch (commit bf55d5e6) and release v1.73.4 with public proof-of-concept available. CVSS 9.2 reflects critical severity with network attack vector and no authentication required, though exploitation requires specific deployment configuration (AT:P). No CISA KEV listing or EPSS data available at time of analysis.

Technical ContextAI

The vulnerability stems from unsafe interaction between rclone's remote control (RC) API framework and its modular backend system. The operations/fsinfo endpoint was registered without the AuthRequired flag, allowing unauthenticated access. This endpoint accepts user-controlled 'fs' parameters that are processed by rc.GetFs(), which supports inline backend instantiation from JSON objects. The WebDAV backend (backend/webdav/webdav.go) includes a bearer_token_command configuration option designed for dynamic authentication token retrieval. During NewFs() initialization, this command is executed via Go's exec.Command() without input validation when bearer_token_command is present in the backend configuration. The root cause aligns with CWE-78 (OS Command Injection) where external input flows directly into command execution contexts. The CPE identifier pkg:go/github.com_rclone_rclone indicates this affects the Go implementation distributed via GitHub. The attack chain leverages legitimate features-dynamic backend configuration and token command execution-in an unintended security-critical combination.

RemediationAI

Apply the vendor-released patch immediately for network-accessible RC deployments. Monitor https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q for the fixed version release and upgrade as soon as available-exact patched version number not yet published at time of analysis. For immediate risk reduction on vulnerable deployments, implement global HTTP authentication by adding --rc-user and --rc-pass flags to the rclone rcd command or --rc configuration (trade-off: requires credential management but provides defense-in-depth). If RC remote access is not operationally required, remove the --rc-addr flag to restrict the API to localhost-only binding (default behavior), which eliminates network attack surface but prevents legitimate remote management. For air-gapped or isolated environments where RC must remain network-accessible without authentication, implement network-layer access controls (firewall rules, VPN requirements) to restrict RC port access to trusted management networks only (trade-off: operational complexity and potential lockout risk if misconfigured). Do not rely solely on obscure port numbers or non-standard --rc-addr bindings as security controls. Verify current deployment configuration with 'ps aux | grep rclone' and check for --rc-addr without corresponding authentication flags.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Package Hub 15 SP6 Fixed
openSUSE Leap 15.6 Fixed
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP6 Fixed

Share

CVE-2026-41179 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy