CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /[remote:path]/object. The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during initialization. As a result, a single unauthenticated GET or HEAD request can execute a command as the rclone process user. This vulnerability is fixed in 1.74.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 48.7%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2026-49980

Rclone » Rclone » Version: 1.46

cpe:2.3:a:rclone:rclone:1.46
Rclone » Rclone » Version: 1.47.0

cpe:2.3:a:rclone:rclone:1.47.0
Rclone » Rclone » Version: 1.48.0

cpe:2.3:a:rclone:rclone:1.48.0
Rclone » Rclone » Version: 1.49.0

cpe:2.3:a:rclone:rclone:1.49.0
Rclone » Rclone » Version: 1.49.1

cpe:2.3:a:rclone:rclone:1.49.1
Rclone » Rclone » Version: 1.49.2

cpe:2.3:a:rclone:rclone:1.49.2
Rclone » Rclone » Version: 1.49.3

cpe:2.3:a:rclone:rclone:1.49.3
Rclone » Rclone » Version: 1.49.4

cpe:2.3:a:rclone:rclone:1.49.4
Rclone » Rclone » Version: 1.49.5

cpe:2.3:a:rclone:rclone:1.49.5
Rclone » Rclone » Version: 1.50.0

cpe:2.3:a:rclone:rclone:1.50.0
Rclone » Rclone » Version: 1.50.1

cpe:2.3:a:rclone:rclone:1.50.1
Rclone » Rclone » Version: 1.50.2

cpe:2.3:a:rclone:rclone:1.50.2
Rclone » Rclone » Version: 1.51.0

cpe:2.3:a:rclone:rclone:1.51.0
Rclone » Rclone » Version: 1.52.0

cpe:2.3:a:rclone:rclone:1.52.0
Rclone » Rclone » Version: 1.52.1

cpe:2.3:a:rclone:rclone:1.52.1
Rclone » Rclone » Version: 1.52.2

cpe:2.3:a:rclone:rclone:1.52.2
Rclone » Rclone » Version: 1.52.3

cpe:2.3:a:rclone:rclone:1.52.3
Rclone » Rclone » Version: 1.53.0

cpe:2.3:a:rclone:rclone:1.53.0
Rclone » Rclone » Version: 1.53.1

cpe:2.3:a:rclone:rclone:1.53.1
Rclone » Rclone » Version: 1.53.2

cpe:2.3:a:rclone:rclone:1.53.2
Rclone » Rclone » Version: 1.53.3

cpe:2.3:a:rclone:rclone:1.53.3
Rclone » Rclone » Version: 1.53.4

cpe:2.3:a:rclone:rclone:1.53.4
Rclone » Rclone » Version: 1.54.0

cpe:2.3:a:rclone:rclone:1.54.0
Rclone » Rclone » Version: 1.54.1

cpe:2.3:a:rclone:rclone:1.54.1
Rclone » Rclone » Version: 1.55.0

cpe:2.3:a:rclone:rclone:1.55.0
Rclone » Rclone » Version: 1.55.1

cpe:2.3:a:rclone:rclone:1.55.1
Rclone » Rclone » Version: 1.56.0

cpe:2.3:a:rclone:rclone:1.56.0
Rclone » Rclone » Version: 1.56.1

cpe:2.3:a:rclone:rclone:1.56.1
Rclone » Rclone » Version: 1.56.2

cpe:2.3:a:rclone:rclone:1.56.2
Rclone » Rclone » Version: 1.57.0

cpe:2.3:a:rclone:rclone:1.57.0
Rclone » Rclone » Version: 1.58.0

cpe:2.3:a:rclone:rclone:1.58.0
Rclone » Rclone » Version: 1.58.1

cpe:2.3:a:rclone:rclone:1.58.1
Rclone » Rclone » Version: 1.59.0

cpe:2.3:a:rclone:rclone:1.59.0
Rclone » Rclone » Version: 1.59.1

cpe:2.3:a:rclone:rclone:1.59.1
Rclone » Rclone » Version: 1.59.2

cpe:2.3:a:rclone:rclone:1.59.2
Rclone » Rclone » Version: 1.60.0

cpe:2.3:a:rclone:rclone:1.60.0
Rclone » Rclone » Version: 1.60.1

cpe:2.3:a:rclone:rclone:1.60.1
Rclone » Rclone » Version: 1.61.0

cpe:2.3:a:rclone:rclone:1.61.0
Rclone » Rclone » Version: 1.61.1

cpe:2.3:a:rclone:rclone:1.61.1
Rclone » Rclone » Version: 1.62.0

cpe:2.3:a:rclone:rclone:1.62.0
Rclone » Rclone » Version: 1.62.1

cpe:2.3:a:rclone:rclone:1.62.1
Rclone » Rclone » Version: 1.62.2

cpe:2.3:a:rclone:rclone:1.62.2
Rclone » Rclone » Version: 1.63.0

cpe:2.3:a:rclone:rclone:1.63.0
Rclone » Rclone » Version: 1.63.1

cpe:2.3:a:rclone:rclone:1.63.1
Rclone » Rclone » Version: 1.64.0

cpe:2.3:a:rclone:rclone:1.64.0
Rclone » Rclone » Version: 1.64.1

cpe:2.3:a:rclone:rclone:1.64.1
Rclone » Rclone » Version: 1.64.2

cpe:2.3:a:rclone:rclone:1.64.2
Rclone » Rclone » Version: 1.65.0

cpe:2.3:a:rclone:rclone:1.65.0
Rclone » Rclone » Version: 1.65.1

cpe:2.3:a:rclone:rclone:1.65.1
Rclone » Rclone » Version: 1.65.2

cpe:2.3:a:rclone:rclone:1.65.2
Rclone » Rclone » Version: 1.66.0

cpe:2.3:a:rclone:rclone:1.66.0
Rclone » Rclone » Version: 1.67.0

cpe:2.3:a:rclone:rclone:1.67.0
Rclone » Rclone » Version: 1.68.0

cpe:2.3:a:rclone:rclone:1.68.0
Rclone » Rclone » Version: 1.68.1

cpe:2.3:a:rclone:rclone:1.68.1
Rclone » Rclone » Version: 1.68.2

cpe:2.3:a:rclone:rclone:1.68.2
Rclone » Rclone » Version: 1.69.0

cpe:2.3:a:rclone:rclone:1.69.0
Rclone » Rclone » Version: 1.69.1

cpe:2.3:a:rclone:rclone:1.69.1
Rclone » Rclone » Version: 1.69.2

cpe:2.3:a:rclone:rclone:1.69.2
Rclone » Rclone » Version: 1.69.3

cpe:2.3:a:rclone:rclone:1.69.3
Rclone » Rclone » Version: 1.70.0

cpe:2.3:a:rclone:rclone:1.70.0
Rclone » Rclone » Version: 1.70.1

cpe:2.3:a:rclone:rclone:1.70.1
Rclone » Rclone » Version: 1.70.2

cpe:2.3:a:rclone:rclone:1.70.2
Rclone » Rclone » Version: 1.70.3

cpe:2.3:a:rclone:rclone:1.70.3
Rclone » Rclone » Version: 1.71.0

cpe:2.3:a:rclone:rclone:1.71.0
Rclone » Rclone » Version: 1.71.1

cpe:2.3:a:rclone:rclone:1.71.1
Rclone » Rclone » Version: 1.71.2

cpe:2.3:a:rclone:rclone:1.71.2
Rclone » Rclone » Version: 1.72.0

cpe:2.3:a:rclone:rclone:1.72.0
Rclone » Rclone » Version: 1.72.1

cpe:2.3:a:rclone:rclone:1.72.1
Rclone » Rclone » Version: 1.73.0

cpe:2.3:a:rclone:rclone:1.73.0
Rclone » Rclone » Version: 1.73.1

cpe:2.3:a:rclone:rclone:1.73.1
Rclone » Rclone » Version: 1.73.2

cpe:2.3:a:rclone:rclone:1.73.2
Rclone » Rclone » Version: 1.73.3

cpe:2.3:a:rclone:rclone:1.73.3
Rclone » Rclone » Version: 1.73.4

cpe:2.3:a:rclone:rclone:1.73.4
Rclone » Rclone » Version: 1.73.5

cpe:2.3:a:rclone:rclone:1.73.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-49980

Products

Pricing

Contact Us