4 open findings · 4 with upstream fix available
| Package | Version | Severity | CVE | Fix | Description | VEX |
|---|---|---|---|---|---|---|
| github.com/rclone/rclone | v1.69.3 | CRITICAL | GO-2026-4964 | 1.73.5 | Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The so | — |
| github.com/rclone/rclone | v1.69.3 | CRITICAL | GHSA-25qr-6mpr-f7qx | 1.73.5 | Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution | — |
| github.com/rclone/rclone | v1.69.3 | CRITICAL | GHSA-jfwf-28xr-xw6q | 1.73.5 | RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution | — |
| github.com/rclone/rclone | v1.69.3 | CRITICAL | GHSA-qw24-gh76-8rvv | 1.74.3 | Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix | — |