VYPR

Minio

by Minio

Source repositories

CVEs (28)

  • CVE-2026-33322CriMar 24, 2026
    risk 0.57cvss 9.8epss 0.00

    MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary…

  • CVE-2024-55949CriDec 16, 2024
    risk 0.54cvss epss 0.01

    MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in…

  • CVE-2025-31489HigApr 3, 2025
    risk 0.50cvss epss 0.02

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior…

  • CVE-2026-41145HigApr 22, 2026
    risk 0.46cvss 8.2epss 0.00

    MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows a valid access key to…

  • CVE-2026-40344HigApr 22, 2026
    risk 0.46cvss 8.2epss 0.00

    MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid…

  • CVE-2025-62506HigOct 16, 2025
    risk 0.46cvss 8.1epss 0.01

    MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy…

  • CVE-2026-33419HigMar 24, 2026
    risk 0.42cvss 7.5epss 0.00

    MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error…

  • CVE-2026-34204HigMar 31, 2026
    risk 0.39cvss 7.1epss 0.00

    MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted…

  • CVE-2026-39414MedApr 8, 2026
    risk 0.35cvss 6.5epss 0.00

    MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's…

  • CVE-2024-36107MedMay 28, 2024
    risk 0.27cvss 5.3epss 0.01

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not…

  • CVE-2026-42600MedMay 11, 2026
    risk 0.25cvss 4.9epss 0.08

    MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from…

  • CVE-2025-27414MedFeb 28, 2025
    risk 0.23cvss epss 0.01

    MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO…

  • CVE-2023-28432KEVMar 22, 2023
    risk 0.23cvss epss 0.84

    Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in…

  • CVE-2022-35919Aug 1, 2022
    risk 0.07cvss epss 0.52

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal…

  • CVE-2023-28434KEVMar 22, 2023
    risk 0.06cvss epss 0.07

    Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker…

  • CVE-2021-43858Dec 27, 2021
    risk 0.03cvss epss 0.35

    MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version…

  • CVE-2021-21287Feb 1, 2021
    risk 0.02cvss epss 0.25

    MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data…

  • CVE-2024-24747Jan 31, 2024
    risk 0.00cvss epss 0.34

    MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied,…

  • CVE-2023-28433Mar 22, 2023
    risk 0.00cvss epss 0.01

    Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as…

  • CVE-2023-27589Mar 14, 2023
    risk 0.00cvss epss 0.01

    Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created…

Page 1 of 2