
SonicWall Capture Labs threat research team became aware of the threat CVE-2026-41179, assessed its impact, and developed mitigation measures. The flaw, also known as the rclone Remote-Control API Unauthenticated Command Execution, is a critical vulnerability affecting the rclone command-line cloud storage manager (rclone/rclone) from version 1.48.0 through 1.73.4. It lets an unauthenticated attacker run arbitrary operating system commands on any host whose Remote-Control (RC) API is reachable over the network, by sending a single HTTP request that defines an inline WebDAV backend whose bearer-token helper command is executed during backend initialization. Classified under CWE-78 (OS Command Injection) and CWE-306 (Missing Authentication for Critical Function) and rated CVSS 9.2 (Critical, CVSS 4.0), it was reported through GitHub Security Advisory GHSA-jfwf-28xr-xw6q. Its EPSS score is 9.20% (94th percentile). Affected deployments are any rclone RC server that is started without global authentication and bound to a non-loopback address, a common Web GUI and automation pattern. Version 1.73.5 adds an authentication requirement to the affected endpoint, so administrators should upgrade and never expose the RC API without authentication.
rclone is an open-source, single-binary command-line program that synchronizes and copies files to and from more than 70 cloud storage providers, frequently described as rsync for cloud storage, with roughly 58,000 GitHub stars. Beyond the command line it can serve a JSON Remote-Control (RC) API and an associated Web GUI, started with rclone rcd, exposing operations such as listing remotes, copying files, and querying backend capabilities. The operations/fsinfo method of that API is the surface affected by this flaw.

The root cause is a missing authentication gate combined with a powerful backend feature. In fs/operations/rc.go, the operations/fsinfo RC method is registered without the AuthRequired: true flag, so it can be called even when the server is started with --rc-no-auth or is otherwise reachable without credentials. The handler, rcFsInfo, passes the caller-supplied fs parameter straight to rc.GetFs.

rc.GetFs resolves the fs value through GetFsNamed in fs/rc/cache.go. That code accepts not only the name of a preconfigured remote but also an inline backend definition, either a connection string such as :webdav,option=value: or a JSON object, and hands it to cache.Get, which constructs the backend on the fly. An unauthenticated caller can therefore instantiate an arbitrary backend type with attacker-chosen options, even when no matching entry exists in the server configuration file.

The WebDAV backend completes the chain. It supports a bearer_token_command option, intended to let an operator shell out to a helper that fetches an authentication token. During backend initialization in backend/webdav/webdav.go, NewFs calls fetchAndSetBearerToken, which runs that command through Go's exec.Command. Because the backend is built as part of answering operations/fsinfo, the attacker command executes immediately, in the process context of the rcd server. The command runs without a shell, so a pipeline or reverse shell is wrapped in bash -c, and the process runs as the user that launched rcd, which is not guaranteed to be root.

The fix in rclone 1.73.5 is a single change: the operations/fsinfo registration gains AuthRequired: true, so the endpoint rejects unauthenticated callers. The inline backend feature in cache.go and the bearer_token_command option in webdav.go are unchanged, because the vulnerability was reaching that command execution without authentication, not the command execution feature itself.

The following conditions must be met for successful exploitation of CVE-2026-41179:
Exploiting CVE-2026-41179 needs no special tooling and no credentials. The attacker sends a single HTTP POST to operations/fsinfo with the fs parameter set to an inline WebDAV backend whose bearer_token_command is the payload. The server builds the backend, runs the command during initialization, and returns an ordinary HTTP 200 response containing the normal backend feature list, so a successful attack looks like a routine API call.

| Component | Value | Purpose |
|---|---|---|
| Target Endpoint | POST /operations/fsinfo | Unauthenticated RC method that builds the caller-supplied backend |
| Transport | plaintext HTTP on TCP 5572, also h2c | Default RC listener, with no TLS unless explicitly configured |
| Injection Parameter | fs=:webdav,...: inline backend | Instantiates an attacker-defined WebDAV backend on the fly |
| Command Option | bearer_token_command='<cmd>' | Executed via exec.Command during backend initialization |
| Shell Wrapper | bash -c "echo <base64>|base64 -d|python3" | Enables pipelines and reverse shells, since exec uses no shell |
| Server Response | HTTP 200 with normal Features JSON | A successful injection looks like a benign API call |
To ensure SonicWall customers are prepared for any exploitation that may occur due to this vulnerability, the following signature has been released:
| Signature ID | Signature Name |
|---|---|
| IPS: 22278 | Rclone bearer_token_command Command Execution |
The risks posed by CVE-2026-41179 can be mitigated or eliminated by:
Vulnerability reported by the researcher known as 0wnerDied and disclosed through the rclone project as GitHub Security Advisory GHSA-jfwf-28xr-xw6q. The fix was implemented by rclone maintainer Nick Craig-Wood.
Third-party vulnerability database mirrors:
Share This Article

An Article By
An Article By
Security News
Security News