CVE-2026-22043

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed deny_only short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Version 1.0.0-alpha.79 fixes the issue.

Published: Jan 8, 2026
Updated: Jan 16, 2026
CVE: CVE-2026-22043
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Affected Software
References

Software	From	Fixed in
rustfs / rustfs	1.0.0-alpha13	1.0.0-alpha13.x
rustfs / rustfs	1.0.0-alpha14	1.0.0-alpha14.x
rustfs / rustfs	1.0.0-alpha15	1.0.0-alpha15.x
rustfs / rustfs	1.0.0-alpha16	1.0.0-alpha16.x
rustfs / rustfs	1.0.0-alpha17	1.0.0-alpha17.x
rustfs / rustfs	1.0.0-alpha18	1.0.0-alpha18.x
rustfs / rustfs	1.0.0-alpha19	1.0.0-alpha19.x
rustfs / rustfs	1.0.0-alpha20	1.0.0-alpha20.x
rustfs / rustfs	1.0.0-alpha21	1.0.0-alpha21.x
rustfs / rustfs	1.0.0-alpha22	1.0.0-alpha22.x
rustfs / rustfs	1.0.0-alpha23	1.0.0-alpha23.x
rustfs / rustfs	1.0.0-alpha24	1.0.0-alpha24.x
rustfs / rustfs	1.0.0-alpha25	1.0.0-alpha25.x
rustfs / rustfs	1.0.0-alpha26	1.0.0-alpha26.x
rustfs / rustfs	1.0.0-alpha27	1.0.0-alpha27.x
rustfs / rustfs	1.0.0-alpha28	1.0.0-alpha28.x
rustfs / rustfs	1.0.0-alpha29	1.0.0-alpha29.x
rustfs / rustfs	1.0.0-alpha30	1.0.0-alpha30.x
rustfs / rustfs	1.0.0-alpha31	1.0.0-alpha31.x
rustfs / rustfs	1.0.0-alpha32	1.0.0-alpha32.x
rustfs / rustfs	1.0.0-alpha33	1.0.0-alpha33.x
rustfs / rustfs	1.0.0-alpha34	1.0.0-alpha34.x
rustfs / rustfs	1.0.0-alpha35	1.0.0-alpha35.x
rustfs / rustfs	1.0.0-alpha36	1.0.0-alpha36.x
rustfs / rustfs	1.0.0-alpha37	1.0.0-alpha37.x
rustfs / rustfs	1.0.0-alpha38	1.0.0-alpha38.x
rustfs / rustfs	1.0.0-alpha39	1.0.0-alpha39.x
rustfs / rustfs	1.0.0-alpha40	1.0.0-alpha40.x
rustfs / rustfs	1.0.0-alpha41	1.0.0-alpha41.x
rustfs / rustfs	1.0.0-alpha42	1.0.0-alpha42.x
rustfs / rustfs	1.0.0-alpha43	1.0.0-alpha43.x
rustfs / rustfs	1.0.0-alpha44	1.0.0-alpha44.x
rustfs / rustfs	1.0.0-alpha45	1.0.0-alpha45.x
rustfs / rustfs	1.0.0-alpha46	1.0.0-alpha46.x
rustfs / rustfs	1.0.0-alpha47	1.0.0-alpha47.x
rustfs / rustfs	1.0.0-alpha48	1.0.0-alpha48.x
rustfs / rustfs	1.0.0-alpha49	1.0.0-alpha49.x
rustfs / rustfs	1.0.0-alpha50	1.0.0-alpha50.x
rustfs / rustfs	1.0.0-alpha51	1.0.0-alpha51.x
rustfs / rustfs	1.0.0-alpha52	1.0.0-alpha52.x
rustfs / rustfs	1.0.0-alpha53	1.0.0-alpha53.x
rustfs / rustfs	1.0.0-alpha54	1.0.0-alpha54.x
rustfs / rustfs	1.0.0-alpha55	1.0.0-alpha55.x
rustfs / rustfs	1.0.0-alpha56	1.0.0-alpha56.x
rustfs / rustfs	1.0.0-alpha57	1.0.0-alpha57.x
rustfs / rustfs	1.0.0-alpha58	1.0.0-alpha58.x
rustfs / rustfs	1.0.0-alpha59	1.0.0-alpha59.x
rustfs / rustfs	1.0.0-alpha60	1.0.0-alpha60.x
rustfs / rustfs	1.0.0-alpha61	1.0.0-alpha61.x
rustfs / rustfs	1.0.0-alpha62	1.0.0-alpha62.x
rustfs / rustfs	1.0.0-alpha63	1.0.0-alpha63.x
rustfs / rustfs	1.0.0-alpha64	1.0.0-alpha64.x
rustfs / rustfs	1.0.0-alpha65	1.0.0-alpha65.x
rustfs / rustfs	1.0.0-alpha66	1.0.0-alpha66.x
rustfs / rustfs	1.0.0-alpha67	1.0.0-alpha67.x
rustfs / rustfs	1.0.0-alpha68	1.0.0-alpha68.x
rustfs / rustfs	1.0.0-alpha69	1.0.0-alpha69.x
rustfs / rustfs	1.0.0-alpha70	1.0.0-alpha70.x
rustfs / rustfs	1.0.0-alpha71	1.0.0-alpha71.x
rustfs / rustfs	1.0.0-alpha72	1.0.0-alpha72.x
rustfs / rustfs	1.0.0-alpha73	1.0.0-alpha73.x
rustfs / rustfs	1.0.0-alpha74	1.0.0-alpha74.x
rustfs / rustfs	1.0.0-alpha75	1.0.0-alpha75.x
rustfs / rustfs	1.0.0-alpha76	1.0.0-alpha76.x
rustfs / rustfs	1.0.0-alpha77	1.0.0-alpha77.x
rustfs / rustfs	1.0.0-alpha78	1.0.0-alpha78.x

https://github.com/rustfs/rustfs/security/advisories/GHSA-xgr5-qc6w-vcg9

Vulnerability Database

322,905

CVE-2026-22043

Deep Security Visibility Without the Complexity