LeakyCreds

CVE-2026-27822 - Vulnerability Analysis

Critical | CVSS: 9.0

Last Updated: February 25, 2026

RustFS - Stored XSS

Published: February 25, 2026 | Updated: February 25, 2026 | PoC Available | Remote Exploitable

Overview

RustFS versions before 1.0.0-alpha.83 contain a stored XSS vulnerability caused by a bypass of the PDF preview logic in the management console. It lets attackers execute arbitrary JavaScript and steal admin credentials. Exploitation requires access to the console.

Severity & Score

Severity: Critical
CVSS Score: 9.0
EPSS Score: 3.3% (probability of exploitation in the next 30 days)

Impact

Attackers can execute JavaScript to steal admin credentials, leading to full account takeover and system compromise.

Mitigation

Update to version 1.0.0-alpha.83 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 25, 2026

CVE-2026-27822 - Critical (9) RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the manageme... https://www.thehackerwire.com/vulnerability/CVE-2026-27822/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-27822
Severity: Critical
CVSS Score: 9.0
Type: stored_xss
Status: confirmed
EPSS: 3.3%
Social Posts: 1

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Score

3.3% (probability of exploitation in the next 30 days)