CVE-2026-24762 | THREATINT

Description

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.

PUBLISHED Reserved 2026-01-26 | Published 2026-02-03 | Updated 2026-02-03 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-532: Insertion of Sensitive Information into Log File

Product status

>= alpha.13, < alpha.82

affected

References

github.com/...rustfs/security/advisories/GHSA-r54g-49rx-98cr

cve.org (CVE-2026-24762)

nvd.nist.gov (CVE-2026-24762)

Download JSON