CVE-2026-40937 | RustFS up to 1.0.0-alpha.93 API Endpoint event.rs check_permissions authorization (GHSA-pfcq-4gjr-6gjm)

A vulnerability was found in RustFS up to 1.0.0-alpha.93. It has been classified as critical. This issue affects the function check_permissions of the file rustfs/src/admin/handlers/event.rs of the component API Endpoint. This manipulation causes missing authorization.

This vulnerability is tracked as CVE-2026-40937. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More