← Back

CVE-2026-27822

nvd nist
Published: Feb 25, 2026Modified: Feb 25, 2026

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from `localStorage`, leading to full account takeover and system compromise. Version 1.0.0-alpha.83 fixes the issue.

Affected (82)

Products: Rustfs: Rustfs
Rustfs
1 product
Rustfs
Configuration A
82 vulnerable
Vulnerable SoftwareAffected Versions
Rustfs
Rustfs
Version 1.0.0 alpha10
Rustfs
Version 1.0.0 alpha11
Rustfs
Version 1.0.0 alpha12
Rustfs
Version 1.0.0 alpha13
Rustfs
Version 1.0.0 alpha14
Rustfs
Version 1.0.0 alpha15
Rustfs
Version 1.0.0 alpha16
Rustfs
Version 1.0.0 alpha17
Rustfs
Version 1.0.0 alpha18
Rustfs
Version 1.0.0 alpha19
Rustfs
Version 1.0.0 alpha1
Rustfs
Version 1.0.0 alpha20
Rustfs
Version 1.0.0 alpha21
Rustfs
Version 1.0.0 alpha22
Rustfs
Version 1.0.0 alpha23
Rustfs
Version 1.0.0 alpha24
Rustfs
Version 1.0.0 alpha25
Rustfs
Version 1.0.0 alpha26
Rustfs
Version 1.0.0 alpha27
Rustfs
Version 1.0.0 alpha28
Rustfs
Version 1.0.0 alpha29
Rustfs
Version 1.0.0 alpha2
Rustfs
Version 1.0.0 alpha30
Rustfs
Version 1.0.0 alpha31
Rustfs
Version 1.0.0 alpha32
Rustfs
Version 1.0.0 alpha33
Rustfs
Version 1.0.0 alpha34
Rustfs
Version 1.0.0 alpha35
Rustfs
Version 1.0.0 alpha36
Rustfs
Version 1.0.0 alpha37
Rustfs
Version 1.0.0 alpha38
Rustfs
Version 1.0.0 alpha39
Rustfs
Version 1.0.0 alpha3
Rustfs
Version 1.0.0 alpha40
Rustfs
Version 1.0.0 alpha41
Rustfs
Version 1.0.0 alpha42
Rustfs
Version 1.0.0 alpha43
Rustfs
Version 1.0.0 alpha44
Rustfs
Version 1.0.0 alpha45
Rustfs
Version 1.0.0 alpha46
Rustfs
Version 1.0.0 alpha47
Rustfs
Version 1.0.0 alpha48
Rustfs
Version 1.0.0 alpha49
Rustfs
Version 1.0.0 alpha4
Rustfs
Version 1.0.0 alpha50
Rustfs
Version 1.0.0 alpha51
Rustfs
Version 1.0.0 alpha52
Rustfs
Version 1.0.0 alpha53
Rustfs
Version 1.0.0 alpha54
Rustfs
Version 1.0.0 alpha55
Rustfs
Version 1.0.0 alpha56
Rustfs
Version 1.0.0 alpha57
Rustfs
Version 1.0.0 alpha58
Rustfs
Version 1.0.0 alpha59
Rustfs
Version 1.0.0 alpha5
Rustfs
Version 1.0.0 alpha60
Rustfs
Version 1.0.0 alpha61
Rustfs
Version 1.0.0 alpha62
Rustfs
Version 1.0.0 alpha63
Rustfs
Version 1.0.0 alpha64
Rustfs
Version 1.0.0 alpha65
Rustfs
Version 1.0.0 alpha66
Rustfs
Version 1.0.0 alpha67
Rustfs
Version 1.0.0 alpha68
Rustfs
Version 1.0.0 alpha69
Rustfs
Version 1.0.0 alpha6
Rustfs
Version 1.0.0 alpha70
Rustfs
Version 1.0.0 alpha71
Rustfs
Version 1.0.0 alpha72
Rustfs
Version 1.0.0 alpha73
Rustfs
Version 1.0.0 alpha74
Rustfs
Version 1.0.0 alpha75
Rustfs
Version 1.0.0 alpha76
Rustfs
Version 1.0.0 alpha77
Rustfs
Version 1.0.0 alpha78
Rustfs
Version 1.0.0 alpha79
Rustfs
Version 1.0.0 alpha7
Rustfs
Version 1.0.0 alpha80
Rustfs
Version 1.0.0 alpha81
Rustfs
Version 1.0.0 alpha82
Rustfs
Version 1.0.0 alpha8
Rustfs
Version 1.0.0 alpha9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.