CVE-2025-68926

CRITICAL NUCLEI LAB

RustFS <1.0.0-alpha.78 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-68926. PoCs published by Chocapikk, Arcueld, materaj2. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Go-based exploit for CVE-2025-68926, which leverages a hardcoded gRPC authentication token in RustFS versions < 1.0.0-alpha.77. The exploit demonstrates unauthenticated access to gRPC services, enabling file read/write operations and system information disclosure.

Description

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable with no mechanism for token rotation, and universally valid across all RustFS deployments. Any attacker with network access to the gRPC port can authenticate using this publicly known token and execute privileged operations including data destruction, policy manipulation, and cluster configuration changes. Version 1.0.0-alpha.78 contains a fix for the issue.

Exploits (3)

nomisec WORKING POC 7 stars
by Chocapikk · poc
https://github.com/Chocapikk/CVE-2025-68926

This repository contains a functional Go-based exploit for CVE-2025-68926, which leverages a hardcoded gRPC authentication token in RustFS versions < 1.0.0-alpha.77. The exploit demonstrates unauthenticated access to gRPC services, enabling file read/write operations and system information disclosure.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: RustFS < 1.0.0-alpha.77
No auth needed
Prerequisites: Network access to the target RustFS gRPC service · RustFS version < 1.0.0-alpha.77
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec SCANNER 1 stars
by Arcueld · poc
https://github.com/Arcueld/CVE-2025-68926

The repository contains a scanner for CVE-2025-68926, which checks for vulnerability status and retrieves server properties. It includes gRPC protocol buffer files and a Python script for single or batch target detection.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Unknown (gRPC-based service)
No auth needed
Prerequisites: Network access to the target service
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by materaj2 · poc
https://github.com/materaj2/CVE-2025-68926-repo

This repository contains a functional exploit script for CVE-2025-68926, which targets a hardcoded gRPC authentication token in RustFS. The script demonstrates authentication bypass, information disclosure, credential theft, and destructive operations using the hardcoded token 'rustfs rpc'.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: RustFS < 1.0.0-alpha.78
No auth needed
Prerequisites: grpcurl · node.proto file
devstral-2 · analyzed Mar 15, 2026 Full analysis →

Nuclei Templates (1)

RustFS < 1.0.0-alpha.77 - Hardcoded gRPC Authentication Token
CRITICALVERIFIEDby Chocapikk,bilisheep

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0771
EPSS Percentile 92.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull rustfs/rustfs:1.0.0-alpha.76

Details

CWE
CWE-287 CWE-798
Status published
Products (2)
crates.io/rustfs 1.0.0-alpha.13 - 1.0.0-alpha.78crates.io
rustfs/rustfs 1.0.0 alpha1 (49 CPE variants)
Published Dec 30, 2025
Tracked Since Feb 18, 2026