{"vulnerability": "CVE-2025-68926", "sightings": [{"uuid": "ea7c06f8-a7ac-463b-a5ab-60fa7b45b187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mb7umyfdfo2e", "content": "", "creation_timestamp": "2025-12-30T17:25:39.114043Z"}, {"uuid": "6af155ac-9f53-4b09-ba95-82f4834fb578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mbg3l4fp6f23", "content": "", "creation_timestamp": "2026-01-02T04:45:49.995200Z"}, {"uuid": "c310a702-111e-45ac-860d-11c57b6fd420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mb7vm3m56s2c", "content": "", "creation_timestamp": "2025-12-30T17:43:01.918646Z"}, {"uuid": "ef0c06b2-6229-4282-bc2a-bac1bcdd642b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/code/cves/2025/CVE-2025-68926.yaml", "content": "", "creation_timestamp": "2026-01-04T23:56:33.000000Z"}, {"uuid": "c4296679-926e-4b89-8c76-3ded1673fe80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3mblwhopnrs2r", "content": "", "creation_timestamp": "2026-01-04T12:30:24.761655Z"}, {"uuid": "b97238f8-0a78-4bfa-a1e6-569f996292a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3mbqxfg5cyy2l", "content": "", "creation_timestamp": "2026-01-06T12:30:21.570559Z"}, {"uuid": "a53b8397-c624-42cd-b4f2-7d577f342552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mbruoj43bk2w", "content": "", "creation_timestamp": "2026-01-06T21:14:25.005595Z"}, {"uuid": "d7336022-d566-437b-b5b8-515bae87754e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://bsky.app/profile/levieva.mastodon.social.ap.brid.gy/post/3mbpbyca574k2", "content": "", "creation_timestamp": "2026-01-05T20:42:54.384612Z"}, {"uuid": "e2d1cad5-0313-4c44-a65a-73b04f7bda43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "seen", "source": "https://gist.github.com/alon710/bd146558ebc244ae0880771ead5307b4", "content": "", "creation_timestamp": "2026-01-24T22:44:13.000000Z"}, {"uuid": "f1c47ce1-14be-41e4-90ff-c0ff042c796a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "published-proof-of-concept", "source": "Telegram/71sICJ2qduNa9p7sy7EcgNRQvBtb-VPS3HuJRrErM7o1_Kg", "content": "", "creation_timestamp": "2026-01-04T21:00:04.000000Z"}, {"uuid": "d10dd5ee-f812-4936-8852-75c0e4691374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "published-proof-of-concept", "source": "Telegram/uMCzxGgr2x3STZAp0ylOr-SeDC6RAcnQeh3DqIsWZXD5kaQ", "content": "", "creation_timestamp": "2026-01-05T19:00:10.000000Z"}, {"uuid": "d95a37a0-0fcf-4b26-b734-d50ef219f4ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "published-proof-of-concept", "source": "Telegram/VkrzGOR0tqreFUaL079RX9VsFazmmGoYNfIdzA0XeR4BgNU", "content": "", "creation_timestamp": "2026-01-05T16:05:33.000000Z"}, {"uuid": "f6c3c7b4-6b8f-4d1c-9781-faf22b7bfea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "published-proof-of-concept", "source": "Telegram/NXxnKLZ_SaBlQTQxt0WJ9c3G9QPSHY40ZYnU5qA6mvG8vUA", "content": "", "creation_timestamp": "2026-01-05T21:00:04.000000Z"}, {"uuid": "8fa24086-f7f3-4fea-a623-92422b2470bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68926", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/6017", "content": "\u0412 \u043f\u0440\u043e\u0435\u043a\u0442\u0435 RustFS, \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u044e\u0449\u0435\u043c \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0435 \u0441 S3 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u043d\u043e\u0435 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0435 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Rust, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2025-68926), \u043d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0449\u0430\u044f \u0431\u044d\u043a\u0434\u043e\u0440. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435\u043c \u0436\u0451\u0441\u0442\u043a\u043e \u043f\u0440\u043e\u0448\u0438\u0442\u043e\u0433\u043e \u0432 \u043a\u043e\u0434\u0435 \u0442\u043e\u043a\u0435\u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0438\u0441\u0443 \u043f\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0443 gRPC, \u0443\u043a\u0430\u0437\u0430\u0432 \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0435 \"authorization\" \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \"rustfs rpc\". \u0422\u043e\u043a\u0435\u043d \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u043b \u0432 \u043a\u043e\u0434\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (9.8 \u0438\u0437 10).\n\n\u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 gRPC, \u043c\u043e\u0433 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0439 \u0442\u043e\u043a\u0435\u043d \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0441 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435\u043c, \u0441\u0440\u0435\u0434\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445, \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 \u0443\u0447\u0451\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430. \u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e RustFS \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 gRPC-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 TCP-\u043f\u043e\u0440\u0442\u0443 9000 \u043d\u0430 \u0432\u0441\u0435\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u0445. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 RustFS 1.0.0-alpha.77.\n\n   grpcurl -plaintext -H 'authorization: rustfs rpc' \\\n     -d '{\"access_key\": \"admin\"}' \\\n     localhost:9000 node_service.NodeService/LoadUser\n   grpcurl -plaintext -H 'authorization: rustfs rpc' \\\n     -d '{\"volume\": \"config\", \"path\": \"backdoor.sh\", \"buf\": \"...\"}' \\\n     localhost:9000 node_service.NodeService/WriteAll\n\n\u0412 RustFS \u0432\u044b\u044f\u0432\u043b\u0435\u043d \u043f\u0440\u0435\u0434\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0439 \u0432 \u043a\u043e\u0434\u0435 \u0442\u043e\u043a\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f\u0430\nhttps://www.opennet.ru/opennews/art.shtml?num=64551\n\n\u041e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\ngRPC Hardcoded Token Authentication Bypass - Reproduction Report\nhttps://github.com/rustfs/rustfs/security/advisories/GHSA-h956-rh7x-ppgj", "creation_timestamp": "2026-01-03T21:49:18.000000Z"}]}