Ubuntu 26.04 Rclone Serious Arbitrary Code Execution Flaw USN-8299-1
ubuntu
May 25, 2026
Several security issues were fixed in Rclone.
Summary
Several security issues were fixed in Rclone.
Software Description:
- rclone: rsync for commercial cloud storage
Details:
It was discovered that Rclone incorrectly handled authorization in the remote
control API. An attacker could possibly use this issue to obtain sensitive
information. (CVE-2026-41176)
It was discovered that Rclone incorrectly handled backend instantiation via the
remote control API. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and
Ubuntu 26.04 LTS. (CVE-2026-41179)
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
rclone 1.60.1+dfsg-4ubuntu3.1
Ubuntu 25.10
rclone 1.60.1+dfsg-4ubuntu2.1
Ubuntu 24.04 LTS
rclone 1.60.1+dfsg-3ubuntu0.24.04.5
Ubuntu 22.04 LTS
rclone 1.53.3-4ubuntu1.22.04.4
Ubuntu 20.04 LTS
rclone 1.50.2-2ubuntu0.2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.References
https://ubuntu.com/security/notices/USN-8299-1
CVE-2026-41176, CVE-2026-41179
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8299-1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!