Cleartext transmission of sensitive information in rclone - #VU137263
Published: July 9, 2026
rclone
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to cleartext transmission of sensitive information in the S3 backend redirect handling logic when following a same-host redirect from https to http. A remote attacker can cause a crafted redirect response to expose the AWS STS session token in cleartext to disclose sensitive information.
Exploitation requires use of temporary credentials that include an STS session token and a redirect that changes the scheme without changing the host and port.