RustFS Logs Sensitive Credentials in Plaintext_CVE-2026-24762

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.

Basic Information

ID CVE-2026-24762

Source GitHub_M

Published Feb 3, 2026 at 16:06

Affected Product

Vendor rustfs

Product rustfs

Version >= alpha.13, < alpha.82

Affected Versions rustfs rustfs >= alpha.13, < alpha.82

CWE Classification

CWE-532

References

github.com /rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr

{
    "lastseen": "",
    "description": "RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.",
    "published": "2026-02-03T16:06:17.699Z",
    "modified": "2026-02-03T16:06:17.699Z",
    "type": "cve",
    "title": "RustFS Logs Sensitive Credentials in Plaintext",
    "source": "GitHub_M",
    "references": "https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr",
    "id": "CVE-2026-24762",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "rustfs rustfs >= alpha.13, < alpha.82",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "rustfs",
    "version": ">= alpha.13, < alpha.82",
    "vendor": "rustfs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}