PatchSiren cyber security CVE debrief
CVE-2026-59732 rclone CVE debrief
Rclone's archive extract feature can write files outside the user-selected destination prefix when extracting a crafted archive containing parent path components like ../. This issue allows creation or overwrite of sibling objects in the same bucket or path scope. The vulnerability is fixed in Rclone version 1.74.4. This issue has a CVSS score of 5, indicating medium severity. The vulnerability can be exploited by an attacker to write extracted files outside the intended destination directory, potentially creating or overwriting sibling objects in the same bucket or path.
- Vendor
- rclone
- Product
- Unknown
- CVSS
- MEDIUM 5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-17
Who should care
Users of Rclone who handle archive extraction, especially in cloud storage environments, should be aware of this vulnerability. Updating to version 1.74.4 or later is recommended. System administrators and security teams responsible for managing Rclone deployments should review the vulnerability details and take necessary actions to mitigate the risk.
Technical summary
CVE-2026-59732 is a path traversal vulnerability in Rclone's archive extract feature. Prior to version 1.74.4, Rclone does not properly handle parent path components like ../ in archive files. This allows an attacker to write extracted files outside the intended destination directory, potentially creating or overwriting sibling objects in the same bucket or path. The vulnerability has a CVSS score of 5 (MEDIUM severity). The issue is fixed in Rclone version 1.74.4.
Defensive priority
Medium priority due to the potential for data overwrite or unauthorized file creation. Users should prioritize updating to version 1.74.4 or later and review their Rclone deployments for potential exposure.
Recommended defensive actions
- Update Rclone to version 1.74.4 or later
- Review and validate archive files before extraction
- Monitor for suspicious file system changes
- Verify the integrity of extracted files
- Implement additional monitoring and logging for Rclone activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-14T22:17:29.920Z and last modified on 2026-07-17T03:12:05.760Z. The NVD entry is currently Analyzed. There is limited information available about the specific details of the vulnerability beyond what is provided in the CVE and NVD entries. Users should verify the information with the vendor and consider the potential impact on their systems.
Official resources
-
CVE-2026-59732 CVE record
CVE.org
-
CVE-2026-59732 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T22:17:29.920Z and has not been modified since then. The NVD entry is currently Analyzed.