
CVE-2026-27822: RustFS & The PDF Trojan: Anatomy of a Critical Stored XSS
Vulnerability ID: CVE-2026-27822
CVSS Score: 9.1
Published: 2026-02-25

While the world rushes to rewrite everything in Rust to escape the nightmare of memory corruption, we are reminded that logic bugs and web vulnerabilities don't care about your borrow checker. CVE-2026-27822 is a critical Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Management Console. By abusing the console's PDF preview functionality, an attacker can turn a simple file upload into a weaponized payload that executes arbitrary JavaScript in the context of an administrator's session. This isn't just a pop-up alert: the injected script can read the administrator's session credentials out of localStorage and exfiltrate them, which amounts to a full administrative account takeover and total control over the distributed object storage system.

TL;DR
Critical Stored XSS in the RustFS Console allowing full admin takeover via malicious PDF previews.

Technical Details
CVE ID: CVE-2026-27822
CVSS: 9.1 (Critical)
CWE: CWE-79 (Stored XSS)
Attack V
Continue reading on Dev.to


