Vulnerabilities

CVE-2026-22782 - RustFS RPC signature verification logs shared secret

2026-01-16 0 views admin

CVE ID : CVE-2026-22782 Published : Jan. 16, 2026, 5:15 p.m. | 59 minutes ago Description : RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers and enables forged RPC calls. In crates/ecstore/src/rpc/http_auth.rs, the invalid signature branch logs sensitive data. This log line includes secret and expected_signature, both derived from the shared HMAC key. Any invalidly signed request triggers this path. The function is reachable from RPC and admin request handlers. This vulnerability is fixed in 1.0.0-alpha.80. Severity: 2.9 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-22782

Severity

LOW

Published

Jan. 16, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-22782low

CVE-2026-22782 - RustFS RPC signature verification logs shared secret

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-71020 - Tenda AX-1806 Stack Overflow Denial of Service

CVE-2025-70746 - Tenda AX-1806 Stack-Based Buffer Overflow Vulnerability

CVE-2024-44238 - Apple iOS/ iPadOS Memory Corruption Vulnerability

CVE-2024-54556 - Apple iOS Lock Screen Restricted Content Disclosure Vulnerability

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3