VYPR
Critical severityNVD Advisory· Published Feb 25, 2026· Updated Feb 25, 2026

Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover

CVE-2026-27822

Description

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from localStorage, leading to full account takeover and system compromise. Version 1.0.0-alpha.83 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rustfscrates.io
< 1.0.0-alpha.831.0.0-alpha.83

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.