Threat intelligence, Threat Research

rclone Remote-Control API Unauthenticated Command Execution

by Security News

rclone Remote-Control API Unauthenticated
Command Execution (CVE-2026-41179)

Overview

SonicWall Capture Labs threat research team became aware of the threat CVE-2026-41179, assessed its impact, and developed mitigation measures. The flaw, also known as the rclone Remote-Control API Unauthenticated Command Execution, is a critical vulnerability affecting the rclone command-line cloud storage manager (rclone/rclone) from version 1.48.0 through 1.73.4. It lets an unauthenticated attacker run arbitrary operating system commands on any host whose Remote-Control (RC) API is reachable over the network, by sending a single HTTP request that defines an inline WebDAV backend whose bearer-token helper command is executed during backend initialization. Classified under CWE-78 (OS Command Injection) and CWE-306 (Missing Authentication for Critical Function) and rated CVSS 9.2 (Critical, CVSS 4.0), it was reported through GitHub Security Advisory GHSA-jfwf-28xr-xw6q. Its EPSS score is 9.20% (94th percentile). Affected deployments are any rclone RC server that is started without global authentication and bound to a non-loopback address, a common Web GUI and automation pattern. Version 1.73.5 adds an authentication requirement to the affected endpoint, so administrators should upgrade and never expose the RC API without authentication.

Technical Overview

rclone is an open-source, single-binary command-line program that synchronizes and copies files to and from more than 70 cloud storage providers, frequently described as rsync for cloud storage, with roughly 58,000 GitHub stars. Beyond the command line it can serve a JSON Remote-Control (RC) API and an associated Web GUI, started with rclone rcd, exposing operations such as listing remotes, copying files, and querying backend capabilities. The operations/fsinfo method of that API is the surface affected by this flaw.

figure1.png
Figure 1: rclone RC operations/fsinfo unauthenticated command execution flow to a reverse shell

The root cause is a missing authentication gate combined with a powerful backend feature. In fs/operations/rc.go, the operations/fsinfo RC method is registered without the AuthRequired: true flag, so it can be called even when the server is started with --rc-no-auth or is otherwise reachable without credentials. The handler, rcFsInfo, passes the caller-supplied fs parameter straight to rc.GetFs.

figure2.png
Figure 2: operations/fsinfo is registered without AuthRequired, so it is reachable with rc-no-auth

rc.GetFs resolves the fs value through GetFsNamed in fs/rc/cache.go. That code accepts not only the name of a preconfigured remote but also an inline backend definition, either a connection string such as :webdav,option=value: or a JSON object, and hands it to cache.Get, which constructs the backend on the fly. An unauthenticated caller can therefore instantiate an arbitrary backend type with attacker-chosen options, even when no matching entry exists in the server configuration file.

figure3.png
Figure 3: GetFsNamed accepts an inline WebDAV backend definition and builds it on the fly

The WebDAV backend completes the chain. It supports a bearer_token_command option, intended to let an operator shell out to a helper that fetches an authentication token. During backend initialization in backend/webdav/webdav.go, NewFs calls fetchAndSetBearerToken, which runs that command through Go's exec.Command. Because the backend is built as part of answering operations/fsinfo, the attacker command executes immediately, in the process context of the rcd server. The command runs without a shell, so a pipeline or reverse shell is wrapped in bash -c, and the process runs as the user that launched rcd, which is not guaranteed to be root.

figure4.png
Figure 4: WebDAV bearer_token_command is executed via exec.Command during backend initialization

The fix in rclone 1.73.5 is a single change: the operations/fsinfo registration gains AuthRequired: true, so the endpoint rejects unauthenticated callers. The inline backend feature in cache.go and the bearer_token_command option in webdav.go are unchanged, because the vulnerability was reaching that command execution without authentication, not the command execution feature itself.

figure5.png
Figure 5: rclone 1.73.5 adds AuthRequired true to the operations/fsinfo endpoint

Triggering the Vulnerability

The following conditions must be met for successful exploitation of CVE-2026-41179:

  • RC API Enabled: The target must run rclone with the Remote-Control API active, started with rclone rcd or the --rc flag. This is common for Web GUI and automation deployments, but it is not rclone's default mode of operation.
  • Network-Reachable Binding: The RC listener must be bound to a non-loopback address such as --rc-addr 0.0.0.0:5572. By default the RC API binds to localhost, so remote exploitation requires the operator to have exposed it on a routable interface.
  • No Global Authentication: The server must run without RC authentication, for example with --rc-no-auth, or with --rc-user and --rc-pass left unset. The operations/fsinfo endpoint carries no auth requirement of its own in affected versions, so the absence of a global credential leaves it open.
  • Vulnerable Version: The rclone build must be between 1.48.0 and 1.73.4 inclusive. Version 1.73.5 and later return an authentication error for operations/fsinfo.
  • Shell-Wrapped Payload for Pipelines: Because the command runs through exec.Command with no shell, any payload that needs pipes, redirection, or a reverse shell is wrapped as bash -c "...". A bare program with discrete arguments runs directly.

Exploitation

Exploiting CVE-2026-41179 needs no special tooling and no credentials. The attacker sends a single HTTP POST to operations/fsinfo with the fs parameter set to an inline WebDAV backend whose bearer_token_command is the payload. The server builds the backend, runs the command during initialization, and returns an ordinary HTTP 200 response containing the normal backend feature list, so a successful attack looks like a routine API call.

figure6.png
Figure 6: Unauthenticated POST carrying the inline WebDAV bearer_token_command payload
Video Demonstration
Payload Key Components
ComponentValuePurpose
Target EndpointPOST /operations/fsinfoUnauthenticated RC method that builds the caller-supplied backend
Transportplaintext HTTP on TCP 5572, also h2cDefault RC listener, with no TLS unless explicitly configured
Injection Parameterfs=:webdav,...: inline backendInstantiates an attacker-defined WebDAV backend on the fly
Command Optionbearer_token_command='<cmd>'Executed via exec.Command during backend initialization
Shell Wrapperbash -c "echo <base64>|base64 -d|python3"Enables pipelines and reverse shells, since exec uses no shell
Server ResponseHTTP 200 with normal Features JSONA successful injection looks like a benign API call

SonicWall Protections

To ensure SonicWall customers are prepared for any exploitation that may occur due to this vulnerability, the following signature has been released:

Signature IDSignature Name
IPS: 22278Rclone bearer_token_command Command Execution

Remediation Recommendations

The risks posed by CVE-2026-41179 can be mitigated or eliminated by:

  • Upgrade rclone: Move to rclone 1.73.5 or later, where operations/fsinfo requires authentication. This is the direct fix and should be applied wherever the RC API is used.
  • Require RC Authentication: Never run the RC API with --rc-no-auth. Set --rc-user and --rc-pass, or an equivalent credential, so that every RC method requires authentication.
  • Bind the RC API to Localhost: Keep the RC listener on 127.0.0.1 unless remote access is genuinely required. Where remote access is needed, place it behind an authenticated reverse proxy rather than binding --rc-addr 0.0.0.0.
  • Restrict Network Exposure: Firewall TCP 5572, or the configured RC port, so it is reachable only from trusted hosts, and enable TLS with --rc-cert and --rc-key for any access beyond localhost.
  • Monitor for Exploitation Artifacts: Inspect RC access logs for POST /operations/fsinfo requests whose body contains bearer_token_command and webdav, and watch for unexpected outbound connections from the rclone host shortly after such a request.
  • Run rclone with Least Privilege: Run the rcd service as an unprivileged, dedicated account so that any command execution is contained, and apply egress filtering to detect unauthorized outbound connections.

Relevant Links

Attribution

Vulnerability reported by the researcher known as 0wnerDied and disclosed through the rclone project as GitHub Security Advisory GHSA-jfwf-28xr-xw6q. The fix was implemented by rclone maintainer Nick Craig-Wood.

Third-party vulnerability database mirrors:

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.

Related Articles

  • File Browser Hook Command Runner OS Command Injection
    Read More
  • H2O-3 Unauthenticated RCE via PostgreSQL JDBC socketFactory
    Read More