Stored Cross-Site Scripting in RustFS Console by RustFS
CVE-2026-62378
9CRITICAL
What is CVE-2026-62378?
The RustFS Console is vulnerable to stored cross-site scripting due to a flaw in handling PDF previews. Versions 0.1.7 to 0.1.9 allow an attacker to upload a malicious HTML file disguised as a PDF, which could lead to the execution of arbitrary scripts. This vulnerability exposes sensitive information, such as administrator AccessKeyId, SecretAccessKey, and SessionToken values. A patch has been released in version 0.1.10 to mitigate this issue.
Affected Version(s)
console >= 0.1.7, < 0.1.10
