Description
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| rustfs | rustfs | affected |
|
Configuration 1 [-]
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Rustfs | Rustfs | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-pq29-69jg-9mxc | RustFS Path Traversal Vulnerability |
References
History
Fri, 16 Jan 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:rustfs:rustfs:1.0.0:alpha13:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha14:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha15:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha16:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha17:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha18:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha19:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha20:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha21:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha22:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha23:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha24:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha25:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha26:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha27:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha28:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha29:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha30:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha31:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha32:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha33:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha34:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha35:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha36:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha37:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha38:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha39:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha40:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha41:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha42:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha43:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha44:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha45:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha46:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha47:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha48:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha49:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha50:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha51:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha52:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha53:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha54:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha55:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha56:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha57:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha58:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha59:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha60:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha61:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha62:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha63:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha64:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha65:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha66:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha67:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha68:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha69:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha70:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha71:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha72:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha73:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha74:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha75:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha76:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha77:*:*:*:rust:*:* cpe:2.3:a:rustfs:rustfs:1.0.0:alpha78:*:*:*:rust:*:* |
|
| Metrics |
cvssV3_1
|
Fri, 09 Jan 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rustfs
Rustfs rustfs |
|
| Vendors & Products |
Rustfs
Rustfs rustfs |
Wed, 07 Jan 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 07 Jan 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79. | |
| Title | RustFS Path Traversal Vulnerability | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-01-07T21:28:30.316Z
Reserved: 2025-12-23T22:32:51.733Z
Link: CVE-2025-68705
Vulnrichment
Updated: 2026-01-07T21:28:26.931Z
NVD
Status : Analyzed
Published: 2026-01-07T21:15:59.383
Modified: 2026-01-16T19:29:47.410
Link: CVE-2025-68705
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-01-09T13:26:08Z
Weaknesses