High severity7.1NVD Advisory· Published Mar 31, 2026· Updated Apr 7, 2026
CVE-2026-34204
CVE-2026-34204
Description
MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-* headers on a normal PutObject request. This issue has been patched in version RELEASE.2026-03-26T21-24-40Z.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/minio/minioGo | >= 0.0.0-20240328174456-468a9fae83e9, <= 0.0.0-20260212201848-7aac2a2c5b7c | — |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/miniopkg:apk/chainguard/minio-iamguarded-2025-compatpkg:apk/wolfi/miniopkg:apk/wolfi/minio-iamguarded-2025-compatpkg:bitnami/miniopkg:golang/github.com/minio/miniopkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 0.20260504.002721-r0+ 6 more
- (no CPE)range: < 0.20260504.002721-r0
- (no CPE)range: < 0.20260504.002721-r0
- (no CPE)range: < 0.20260504.002721-r0
- (no CPE)range: < 0.20260504.002721-r0
- (no CPE)range: >= 2024.03.30
- (no CPE)range: >= 0.0.0-20240328174456-468a9fae83e9, <= 0.0.0-20260212201848-7aac2a2c5b7c
- (no CPE)range: < 0.0.20260402T184258-150000.1.158.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.