CVE-2026-55873 in SeaweedFSinformación

Resumen

por MITRE • 2026-07-08

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated low-privileged S3 user to enumerate administrator-owned table bucket names and ARNs. This issue is fixed in version 4.34.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsable

GitHub M

Reservar

2026-06-17

Divulgación

2026-07-08

Moderación

aceptado

Artículo

VDB-376893

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Might our Artificial Intelligence support you?

Check our Alexa App!