CVE-2026-27607 POC (Proof-of-Concept)

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enables unauthorized file uploads exceeding size limits, uploads to arbitrary object keys, and content-type spoofing, potentially leading to storage exhaustion, unauthorized data access, and security bypasses. Version 1.0.0-alpha.83 fixes the issue.

Published: 2026-02-25

CVSS: 9.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Download CVE-2026-27607 POC (Proof-of-Concept) here:

http://zeroday5ujpidshxn6zbfitgjltnm6ynx5pvtpmptj3lsq46b6vvrpqd.onion/exploit-for-cve-2026-27607.776/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

Check our portfolio:

http://zeroday5ujpidshxn6zbfitgjltnm6ynx5pvtpmptj3lsq46b6vvrpqd.onion/members/ccsfteam.254/

https://dnacompany.com/poc-269-cve-2025-70085/

https://dnacompany.com/poc-337-cve-2026-26220/

https://dnacompany.com/poc-267-cve-2026-25084/

https://dnacompany.com/poc-463-cve-2026-27190/

https://dnacompany.com/poc-560-cve-2025-11165/

Social media

Our Services

Contact us

Earthcrate