Vulnerability Information
Vulnerability Title
RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console
Vulnerability Description
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and Access-Control-Allow-Headers: * on responses, including preflight responses and error responses. This creates a permissive cross-domain policy with untrusted origins. A browser visiting an attacker-controlled page can issue credentialed cross-origin requests to a reachable RustFS deployment and read the response when the victim browser has ambient credentials for the RustFS origin, such as saved HTTP Basic Auth credentials, reverse-proxy SSO cookies, or TLS client certificates. This vulnerability is fixed in 1.0.0-beta.2.
CVSS Information
N/A
Vulnerability Type
Missing authentication for a critical function
Vulnerability Title
rustfs security vulnerability
Vulnerability Description
rustfs is an open-source, high-performance object storage system from RustFS. Versions of RustFS prior to 1.0.0-beta.2 contain a security vulnerability: when RUSTFS_CORS_ALLOWED_ORIGINS is unset, ConditionalCorsLayer reflects the request Origin value and sets a permissive cross-origin policy, which may allow a browser to issue cross-origin requests and read the responses when the victim has credentials.
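As an added example that is not part of this advisory or of the RustFS code base, the following Python check audits a RustFS S3 listener's response headers for the reflective, credentialed CORS policy described in both entries above (the pre-1.0.0-beta.2 behaviour with RUSTFS_CORS_ALLOWED_ORIGINS unset). The audit origin, the sample header sets and the endpoint URL are constructed placeholders.

```python
# Added example (not RustFS code): audit CORS response headers for the
# reflective, credentialed policy described in the advisory.
import urllib.error
import urllib.request

# Constructed audit origin: a value no real allowlist would contain.
AUDIT_ORIGIN = "https://cors-audit.invalid"

# Constructed sample responses: the vulnerable behaviour (Origin reflected,
# credentials allowed, wildcard headers) and a response that does not reflect.
VULNERABLE_HEADERS = {
    "Access-Control-Allow-Origin": AUDIT_ORIGIN,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "*",
}
SAFE_HEADERS = {"Content-Type": "application/xml"}


def cors_findings(request_origin: str, headers) -> list[str]:
    """Return findings for one response; an empty list means nothing to report.

    `headers` is any object whose .items() yields (name, value) pairs, so a
    plain dict and an http.client.HTTPMessage both work."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao == request_origin:
        findings.append("origin reflected")
    if creds:
        findings.append("credentials allowed")
    if acao == request_origin and creds:
        # The dangerous combination: any site can make the victim's browser
        # send ambient credentials and read the reply.
        findings.append("reflective CORS with credentials")
    if h.get("access-control-allow-headers") == "*":
        findings.append("allow-headers wildcard")
    return findings


def probe(url: str, origin: str = AUDIT_ORIGIN, timeout: float = 5.0) -> list[str]:
    """Send a preflight-style OPTIONS request carrying a foreign Origin and
    audit the reply. Error responses are audited too, because the advisory
    notes that the headers are set on those as well."""
    req = urllib.request.Request(
        url, method="OPTIONS",
        headers={"Origin": origin, "Access-Control-Request-Method": "GET"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return cors_findings(origin, resp.headers)
    except urllib.error.HTTPError as err:
        return cors_findings(origin, err.headers)
```

Run `probe("http://<your-rustfs-host>:9000/")` against your own deployment; a result containing "reflective CORS with credentials" means the listener still behaves as described and should be upgraded to 1.0.0-beta.2 or given an explicit RUSTFS_CORS_ALLOWED_ORIGINS allowlist.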
CVSS Information
N/A
Vulnerability Type
N/A