GHSA-QW24-GH76-8RVV

Vulnerability from github – Published: 2026-06-16 23:39 – Updated: 2026-06-16 23:39
VLAI
Summary
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Details

Summary

rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form:

/[remote:path]/object

The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during initialization. As a result, a single unauthenticated GET or HEAD request can execute a command as the rclone process user.

Versions from 1.55.0 onwards are vulnerable to command execution. Earlier versions (from 1.46.0) are vulnerable to the unauthenticated local file read described under "Additional impact" but not to command execution, because inline backend option overrides did not exist until 1.55.0.

Preconditions

Preconditions for this vulnerability are:

  • The rclone remote control API must be enabled, either by the --rc flag or by running the rclone rcd server
  • The remote control API must be reachable by the attacker - by default rclone only serves the rc to localhost unless the --rc-addr flag is in use
  • The rc must have been deployed without global RC HTTP authentication - so not using --rc-user/--rc-pass/--rc-htpasswd/etc
  • The --rc-serve flag must be in use

Impact

An unauthenticated network attacker who can reach the RC HTTP listener can execute commands as the rclone process user.

Additional impact observed during testing:

  • GET and HEAD both trigger backend initialization.
  • The same path allows unauthenticated local file read through inline local remotes.
  • Inline global.* options can mutate process-wide rclone configuration, including global.http_proxy.
  • Browser subresource requests can also trigger the issue against a localhost-only RC listener. In testing, Firefox triggered the payload from a public HTTPS page containing only an <img> tag pointing at http://127.0.0.1:5572/.... This is an additional impact multiplier, not the primary attack precondition.

Mitigations / Workarounds

  • Upgrade to rclone 1.74.3 (or 1.75.0 when released).
  • Or, configure HTTP authentication on the rc with --rc-user/--rc-pass or --rc-htpasswd, which has always been the recommended deployment.
  • Or, do not use --rc-serve if file serving is not needed.

The Fix

The vulnerabilities in this advisory have been fixed by two commits:

  • rc: fix unauthenticated command execution via --rc-serve inline remotes
  • rc: stop global.* connection string options changing config
Severity
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.74.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rclone/rclone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.46.0"
            },
            {
              "fixed": "1.74.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-49980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T23:39:41Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\n`rclone rcd --rc-serve` accepts unauthenticated `GET` and `HEAD` requests to paths of the form:\n\n```text\n/[remote:path]/object\n```\n\nThe `remote` value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during initialization. As a result, a single unauthenticated `GET` or `HEAD` request can execute a command as the rclone process user.\n\nVersions from 1.55.0 onwards are vulnerable to command execution. Earlier versions (from 1.46.0) are vulnerable to the unauthenticated local file read described under \"Additional impact\" but not to command execution, because inline backend option overrides did not exist until 1.55.0.\n\n## Preconditions\n\nPreconditions for this vulnerability are:\n\n- The rclone remote control API must be enabled, either by the `--rc` flag or by running the `rclone rcd` server\n- The remote control API must be reachable by the attacker - by default rclone only serves the rc to localhost unless the `--rc-addr` flag is in use\n- The rc must have been deployed without global RC HTTP authentication - so not using `--rc-user`/`--rc-pass`/`--rc-htpasswd`/etc\n- The `--rc-serve` flag must be in use\n\n## Impact\n\nAn unauthenticated network attacker who can reach the RC HTTP listener can execute commands as the rclone process user.\n\nAdditional impact observed during testing:\n\n- `GET` and `HEAD` both trigger backend initialization.\n- The same path allows unauthenticated local file read through inline `local` remotes.\n- Inline `global.*` options can mutate process-wide rclone configuration, including `global.http_proxy`.\n- Browser subresource requests can also trigger the issue against a localhost-only RC listener. In testing, Firefox triggered the payload from a public HTTPS page containing only an `\u003cimg\u003e` tag pointing at `http://127.0.0.1:5572/...`. This is an additional impact multiplier, not the primary attack precondition.\n\n## Mitigations / Workarounds\n\n- Upgrade to rclone 1.74.3 (or 1.75.0 when released).\n- Or, configure HTTP authentication on the rc with `--rc-user`/`--rc-pass`\n  or `--rc-htpasswd`, which has always been the recommended deployment.\n- Or, do not use `--rc-serve` if file serving is not needed.\n\n## The Fix\n\nThe vulnerabilities in this advisory have been fixed by two commits:\n\n- rc: fix unauthenticated command execution via `--rc-serve` inline remotes\n- rc: stop `global.*` connection string options changing config",
  "id": "GHSA-qw24-gh76-8rvv",
  "modified": "2026-06-16T23:39:41Z",
  "published": "2026-06-16T23:39:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rclone/rclone"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.