Product

Rclone

3 briefs RSS

Multiple Vulnerabilities in rclone Allow Arbitrary Code Execution

Multiple vulnerabilities in rclone could be exploited by an attacker to bypass security measures and execute arbitrary program code, potentially leading to complete system compromise.

rclone vulnerability code execution

2r 1t May 15, 2026

critical threat

Rclone Unauthenticated Remote Code Execution Vulnerabilities

2 rules 2 TTPs 2 CVEs

Rclone versions prior to 1.73.5 are vulnerable to two critical unauthenticated remote code execution vulnerabilities (CVE-2026-41176 and CVE-2026-41179) when the remote control API is enabled without authentication, potentially allowing attackers to execute arbitrary commands and compromise the system.

exploited Rclone vulnerability rce cloud

2r 2t 2c Apr 25, 2026

critical advisory

Rclone Unauthenticated options/set Allows Runtime Auth Bypass

2 rules 3 TTPs

Rclone is vulnerable to an unauthenticated options/set vulnerability that allows runtime authentication bypass, potentially leading to sensitive operations and command execution by setting `rc.NoAuth=true` on reachable RC servers started without global HTTP authentication.

rclone auth-bypass rc-api CVE-2026-41176 command-execution

2r 3t Apr 23, 2026