QSearchQSearch

CVE-2026-45040

RustFS is a distributed object storage system built in Rust

Published: 2026-05-28 · Last updated: 2026-06-02

Severity and scoring

CWE
CWE-312, CWE-532

Description

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken (JWT), SecretAccessKey, and full JWT claims are printed in plaintext to the server logs. This vulnerability is fixed in 1.0.0-beta.2.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-0267 An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured p...
  • CVE-2026-9751 The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p... (5.5 MEDIUM)
  • CVE-2026-9735 MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication (5.5 MEDIUM)
  • CVE-2026-10786 Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain... (6.5 MEDIUM)
  • CVE-2026-45581 fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)