rclone CVE-2026-41179
CRITICALSeverity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (https://github.com/rclone/rclone).
CVSS VectorVendor: https://github.com/rclone/rclone
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
Summary
The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs(...) supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, bearer_token_command is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication.
Preconditions
Preconditions for this vulnerability are:
- The rclone remote control API must be enabled, either by the
--rcflag or by running therclone rcdserver - The remote control API must be reachable by the attacker - by default rclone only serves the rc to localhost unless the
--rc-addrflag is in use - The rc must have been deployed without global RC HTTP authentication - so not using
--rc-user/--rc-pass/--rc-htpasswd/etc
Details
The root cause consists of the following pieces:
operations/fsinfois not protected withAuthRequired: trueoperations/fsinfocallsrc.GetFs(...)on attacker-controlled inputrc.GetFs(...)supports inline backend creation through object-valuedfs- WebDAV backend initialization executes
bearer_token_command
Relevant code paths:
fs/operations/rc.gooperations/fsinfois registered withoutAuthRequired: truercFsInfo()callsrc.GetFs(ctx, in)fs/rc/cache.goGetFs()/GetFsNamed()can parse an object-valuedfsgetConfigMap()converts attacker-controlled JSON into a backend config stringbackend/webdav/webdav.gobearer_token_commandis a supported backend optionNewFs(...)callsfetchAndSetBearerToken()whenbearer_token_commandis setfetchBearerToken()invokesexec.Command(...)
This creates a practical single-request unauthenticated command-execution primitive on reachable RC servers without global HTTP authentication.
This was alidated on:
- current
masteras of 2026-04-14:bf55d5e6d37fd86164a87782191f9e1ffcaafa82 - latest public release tested locally:
v1.73.4
This was also validated on a public amd64 Ubuntu host controlled by the tester, using direct host execution (not containerized PoC execution).
PoC
Minimal single-request form PoC
Start a vulnerable RC server:
rclone rcd --rc-addr 127.0.0.1:5572No --rc-user, no --rc-pass, no --rc-htpasswd.
Then send a single request:
curl -sS -X POST http://127.0.0.1:5572/operations/fsinfo \
--data-urlencode "fs=:webdav,url='http://127.0.0.1/',vendor=other,bearer_token_command='/usr/bin/touch /tmp/rclone_fsinfo_rce_poc_marker':"Expected result:
- HTTP 200 JSON response from
operations/fsinfo /tmp/rclone_fsinfo_rce_poc_markeris created on the host
Impact
This is effectively a single-request unauthenticated command-execution vulnerability on reachable RC deployments without global HTTP authentication.
In practice, command execution in the rclone process context can lead to higher-impact outcomes such as local file read, file write, or shell access, depending on the deployed environment.
Testing performed
This was successfully reproduced:
- on a local test environment
- on a public amd64 Ubuntu host controlled by the tester
On the public host it was confirmed:
- the unauthenticated
operations/fsinfoexploit worked - command execution occurred on the host
- the issue was reproducible through direct host execution
AnalysisAI
Remote code execution via unauthenticated command injection in rclone's remote control API allows network attackers to execute arbitrary commands on the host system through a single HTTP request. The vulnerability affects rclone deployments with the RC API enabled (--rc or rclone rcd) that are network-accessible and lack global HTTP authentication. An attacker exploits the unprotected operations/fsinfo endpoint by crafting a WebDAV backend definition with a malicious bearer_token_command parameter, which executes during backend initialization. Confirmed exploitable on master branch (commit bf55d5e6) and release v1.73.4 with public proof-of-concept available. CVSS 9.2 reflects critical severity with network attack vector and no authentication required, though exploitation requires specific deployment configuration (AT:P). No CISA KEV listing or EPSS data available at time of analysis.
Technical ContextAI
The vulnerability stems from unsafe interaction between rclone's remote control (RC) API framework and its modular backend system. The operations/fsinfo endpoint was registered without the AuthRequired flag, allowing unauthenticated access. This endpoint accepts user-controlled 'fs' parameters that are processed by rc.GetFs(), which supports inline backend instantiation from JSON objects. The WebDAV backend (backend/webdav/webdav.go) includes a bearer_token_command configuration option designed for dynamic authentication token retrieval. During NewFs() initialization, this command is executed via Go's exec.Command() without input validation when bearer_token_command is present in the backend configuration. The root cause aligns with CWE-78 (OS Command Injection) where external input flows directly into command execution contexts. The CPE identifier pkg:go/github.com_rclone_rclone indicates this affects the Go implementation distributed via GitHub. The attack chain leverages legitimate features-dynamic backend configuration and token command execution-in an unintended security-critical combination.
RemediationAI
Apply the vendor-released patch immediately for network-accessible RC deployments. Monitor https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q for the fixed version release and upgrade as soon as available-exact patched version number not yet published at time of analysis. For immediate risk reduction on vulnerable deployments, implement global HTTP authentication by adding --rc-user and --rc-pass flags to the rclone rcd command or --rc configuration (trade-off: requires credential management but provides defense-in-depth). If RC remote access is not operationally required, remove the --rc-addr flag to restrict the API to localhost-only binding (default behavior), which eliminates network attack surface but prevents legitimate remote management. For air-gapped or isolated environments where RC must remain network-accessible without authentication, implement network-layer access controls (firewall rules, VPN requirements) to restrict RC port access to trusted management networks only (trade-off: operational complexity and potential lockout risk if misconfigured). Do not rely solely on obscure port numbers or non-standard --rc-addr bindings as security controls. Verify current deployment configuration with 'ps aux | grep rclone' and check for --rc-addr without corresponding authentication flags.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-jfwf-28xr-xw6q