Description

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.

INFO

Published Date :

2026-02-25T19:28:35.628Z

Last Modified :

2026-02-26T16:03:22.817Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25138 vulnerability.

Vendors Products
Cern
  • Rucio
Rucio
  • Rucio
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25138.

URL Resource
https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages cve-icon cve-icon
https://github.com/rucio/rucio/releases/tag/35.8.3 cve-icon cve-icon
https://github.com/rucio/rucio/releases/tag/38.5.4 cve-icon cve-icon
https://github.com/rucio/rucio/releases/tag/39.3.1 cve-icon cve-icon
https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact