CVE-2026-22782
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-02-09
Assigner: GitHub, Inc.
Description
Description
RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers and enables forged RPC calls. In crates/ecstore/src/rpc/http_auth.rs, the invalid signature branch logs sensitive data. This log line includes secret and expected_signature, both derived from the shared HMAC key. Any invalidly signed request triggers this path. The function is reachable from RPC and admin request handlers. This vulnerability is fixed in 1.0.0-alpha.80.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
| rustfs | rustfs | 1.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70