A vulnerability labeled as critical has been found in RustFS 1.0.0-beta.4 . Impacted is an unknown function of the component Snowball auto-extract Feature . The manipulation results in path traversal. This vulnerability is reported as CVE-2026-49991 . The attack can be launched remotely. No exploit exists.