CVE-2026-45043EPSS p13.1%

CVE-2026-45043CVE-2026-45043

Description

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user (minioadmin). The endpoint accepts attacker-controlled parent, claims, accessKey, and secretKey values without enforcing privilege boundaries or sanitization. This enables privilege escalation to full administrative access using a persistent, attacker-defined credential. This vulnerability is fixed in 1.0.0-beta.2.

Scoring

EPSS0.23% probability of exploitation · percentile 13.1% · 2026-06-17T12:03:21Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22042
CVE
CVE-2026-22043
CVE
CVE-2026-45040
CVE
CVE-2025-62506
CVE
CVE-2025-68926
CVE
CVE-2026-40937
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.