RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from `localStorage`, leading to full account takeover and system compromise. Version 1.0.0-alpha.83 fixes the issue.
Cite this page
CVE-2026-27822. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-27822