A vulnerability was found in Rclone up to 1.74.2 . It has been declared as critical . The impacted element is an unknown function of the component Configuration Handler . The manipulation of the argument Remote results in missing authentication. This vulnerability is reported as CVE-2026-49980 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.