CVE-2026-24762

7.5 HIGH

📋 TL;DR

RustFS versions alpha.13 through alpha.81 log sensitive AWS credentials (access keys, secret keys, session tokens) in plaintext at INFO level. This allows anyone with access to application logs to steal credentials and potentially compromise associated AWS resources. All deployments using affected versions are vulnerable.

💻 Affected Systems

Products:
  • RustFS
Versions: alpha.13 through alpha.81
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment using AWS credentials with affected versions is vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Attackers gain full access to AWS resources associated with the leaked credentials, leading to data exfiltration, resource hijacking, or lateral movement within cloud environments.

🟠 Likely Case
Internal users or log monitoring systems inadvertently expose credentials, leading to unauthorized access to S3 buckets or other AWS services.

🟢 If Mitigated
With proper log access controls and monitoring, credentials may be exposed but not accessed by malicious actors before rotation.

🌐 Internet-Facing: MEDIUM - While the vulnerability itself doesn't expose logs externally, internet-facing applications could have logs forwarded to insecure locations.
🏢 Internal Only: HIGH - Internal log aggregation systems often have broad access, making credential exposure particularly dangerous in enterprise environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to application logs, which typically requires some level of system access or log aggregation system compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: alpha.82

Vendor Advisory: https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr

Restart Required: Yes

Instructions:

1. Stop the RustFS service.
2. Update to version alpha.82 or later.
3. Restart the RustFS service.
4. Rotate all AWS credentials used by RustFS.

🔧 Temporary Workarounds

Disable INFO logging for credential operations
Applies to: all
Configure logging to exclude INFO-level messages, or filter out credential-related log entries:
  • Set the RUST_LOG environment variable to exclude the INFO level: RUST_LOG=rustfs=warn
  • Or configure log4rs (or whichever logging configuration is in use) to filter out credential patterns

Redirect logs to a secure location
Applies to: all
Ensure application logs are written only to secure, access-controlled locations:
  • Configure log output to a secure directory with restricted permissions
  • Use encrypted log storage solutions

🧯 If You Can't Patch

  • Immediately rotate all AWS credentials used by RustFS instances
  • Implement strict access controls on log files and log aggregation systems

🔍 How to Verify

Check if Vulnerable:

Check the RustFS version with rustfs --version. If the version is between alpha.13 and alpha.81 inclusive, the system is vulnerable.

Check Version:

rustfs --version

Verify Fix Applied:

After patching, verify that the version is alpha.82 or later, and confirm that AWS credentials no longer appear in INFO-level logs during normal operations.

📡 Detection & Monitoring

Log Indicators:

  • Plaintext AWS access keys, secret keys, or session tokens in application logs
  • Patterns matching AWS credential format in log files

Network Indicators:

  • Unexpected AWS API calls from log aggregation systems or monitoring tools

SIEM Query:

source="rustfs.logs" AND ("AKIA" OR "aws_access_key_id" OR "aws_secret_access_key" OR "aws_session_token")
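As an added example (not from the advisory or the RustFS project), the scanner below applies the credential-format indicators above to a few constructed log lines, redacts anything it finds, and shows where the keyword-only SIEM query would miss a leak (temporary ASIA keys logged under a label other than aws_access_key_id). The log lines, the placeholder credentials and the function names are assumptions.

```python
import re

# Constructed sample log lines in the style of the INFO-level credential logging
# the advisory describes. Values are the AWS documentation placeholder credentials,
# not real secrets and not real RustFS output.
SAMPLE_LOGS = [
    "2026-01-10T12:00:01Z INFO rustfs::auth: loaded credentials access_key=AKIAIOSFODNN7EXAMPLE secret_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "2026-01-10T12:00:02Z INFO rustfs::sts: issued aws_session_token=FQoGZXIvYXdzEXAMPLETOKEN1234567890abcdefghij",
    "2026-01-10T12:00:03Z INFO rustfs::server: listening on 0.0.0.0:9000",
    "2026-01-10T12:00:04Z INFO rustfs::sts: temporary credentials access_key=ASIAEXAMPLE11112222Z expires_in=3600",
]

# Keyword list from the advisory's SIEM query, applied as plain substring matching.
SIEM_KEYWORDS = ("AKIA", "aws_access_key_id", "aws_secret_access_key", "aws_session_token")

PATTERNS = {
    # Access key IDs: AKIA (long-term) or ASIA (temporary) followed by 16 uppercase alphanumerics.
    "access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    # Secret keys are 40 base64-style characters; anchor on the label to limit false positives.
    "secret_access_key": re.compile(r"(?i)(?:aws_)?secret(?:_access)?_key\s*[=:]\s*([A-Za-z0-9/+]{40})\b"),
    # Session tokens are long base64-style strings; again anchor on the label.
    "session_token": re.compile(r"(?i)(?:aws_)?session_token\s*[=:]\s*([A-Za-z0-9/+=]{20,})"),
}

def redact(value):
    """Keep the first four characters (e.g. the AKIA/ASIA prefix) for triage and mask the rest."""
    return value[:4] + "*" * (len(value) - 4)

def siem_keyword_hit(line):
    """True if the advisory's keyword query would flag this line."""
    return any(k in line for k in SIEM_KEYWORDS)

def find_leaks(lines):
    """Return (line_no, kind, redacted_value) for every credential-looking token found."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(m.lastindex or 0)  # group 1 where the label is part of the match
                findings.append((line_no, kind, redact(value)))
    return findings

def keyword_misses(lines):
    """Line numbers where the regex scan finds a credential but the keyword query does not fire."""
    flagged = {ln for ln, _, _ in find_leaks(lines)}
    return sorted(ln for ln in flagged if not siem_keyword_hit(lines[ln - 1]))

if __name__ == "__main__":
    for ln, kind, masked in find_leaks(SAMPLE_LOGS):
        print(f"line {ln}: {kind} -> {masked}")
    print("missed by keyword query:", keyword_misses(SAMPLE_LOGS))
```

Any line reported here is a credential that must be rotated, not just a log entry to delete.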
