Home > Vulnerability Database > CVE-2026-24762

Mend.io Vulnerability Database

CVE-2026-24762

Good to know:

Date: February 3, 2026

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.

Severity Score

5.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-24762

Url: https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr

Url: https://github.com/rustfs/rustfs

Url: https://www.mend.io/vulnerability-database/CVE-2026-24762

Severity Score

5.3

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version https://github.com/rustfs/rustfs.git - 1.0.0-alpha.82

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-24762

Good to know:

Date: February 3, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?