RustFS hardcoded auth token CVE (9.8)(nvd.nist.gov)
nvd.nist.gov
RustFS hardcoded auth token CVE (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2025-68926
2 comments
Fix (creation of the rustfs-credentials crate) smuggled in a fairly large panic fix PR https://github.com/rustfs/rustfs/pull/1291#:~:text=Fixes%20C... , "fix: Prevent panic in GetMetrics gRPC handler on invalid input"
Seems they have already removed
> RustFS is written in Rust, a memory-safe language, so it is 100% secure
From their docs.
https://github.com/rustfs/docs.rustfs.com/commit/cd1ece3c5f5...
> RustFS is written in Rust, a memory-safe language, so it is 100% secure
From their docs.
https://github.com/rustfs/docs.rustfs.com/commit/cd1ece3c5f5...