VYPR
Critical severity9.8NVD Advisory· Published Mar 24, 2026· Updated Apr 8, 2026

CVE-2026-33322

CVE-2026-33322

Description

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/minio/minioGo
<= 0.0.0-20260212201848-7aac2a2c5b7c

Affected products

7

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.