CVE-2026-21862 | RustFS up to alpha.77 Header get_condition_values X-Forwarded-For/X-Real-Ip authentication spoofing

Inserito da Angelo Barbosa | Feb 3, 2026 | CVE

A vulnerability was found in RustFS up to alpha.77. It has been declared as critical. This vulnerability affects the function get_condition_values of the component Header Handler. The manipulation of the argument X-Forwarded-For/X-Real-Ip results in authentication bypass by spoofing.

This vulnerability was named CVE-2026-21862. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-21862 | RustFS up to alpha.77 Header get_condition_values X-Forwarded-For/X-Real-Ip authentication spoofing

Post correlati

CVE-2024-5380 | jsy-1 short-url 1.0.0 admin.php cross site scripting (I8UP2A)

CVE-2024-30538 | DELUCKS SEO Plugin up to 2.5.4 on WordPress authorization

CVE-2025-38342 | Linux Kernel up to 6.15.3 software_node_get_reference_args out-of-bounds

CVE-2024-33148 | J2EEFAST 2.7.0 list sql_filter sql injection