Home / mailings [USN-8299-1] Rclone vulnerabilities
Posted on 25 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8299-1
May 25, 2026
rclone vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Rclone.
Software Description:
- rclone: rsync for commercial cloud storage
Details:
It was discovered that Rclone incorrectly handled authorization in the remote
control API. An attacker could possibly use this issue to obtain sensitive
information. (CVE-2026-41176)
It was discovered that Rclone incorrectly handled backend instantiation via the
remote control API. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and
Ubuntu 26.04 LTS. (CVE-2026-41179)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
rclone 1.60.1+dfsg-4ubuntu3.1
Ubuntu 25.10
rclone 1.60.1+dfsg-4ubuntu2.1
Ubuntu 24.04 LTS
rclone 1.60.1+dfsg-3ubuntu0.24.04.5
Ubuntu 22.04 LTS
rclone 1.53.3-4ubuntu1.22.04.4
Ubuntu 20.04 LTS
rclone 1.50.2-2ubuntu0.2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8299-1
CVE-2026-41176, CVE-2026-41179
Package Information:
https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu3.1
https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu2.1
https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-3ubuntu0.24.04.5
https://launchpad.net/ubuntu/+source/rclone/1.53.3-4ubuntu1.22.04.4
--===============1603726326927145119==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
