VYPR
Vendor

Minio

Products
3
CVEs
34
Across products
34
Status
Private

Products

3

Recent CVEs

34
View all 34 CVEs →
  • CVE-2026-33322CriMar 24, 2026
    risk 0.57cvss 9.8epss 0.00

    MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary…

  • CVE-2024-55949CriDec 16, 2024
    risk 0.54cvss epss 0.01

    MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in…

  • CVE-2025-59952HigSep 30, 2025
    risk 0.50cvss epss 0.00

    MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were…

  • CVE-2025-31489HigApr 3, 2025
    risk 0.50cvss epss 0.02

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior…

  • CVE-2026-41145HigApr 22, 2026
    risk 0.46cvss 8.2epss 0.00

    MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows a valid access key to…

  • CVE-2026-40344HigApr 22, 2026
    risk 0.46cvss 8.2epss 0.00

    MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid…

  • CVE-2025-62506HigOct 16, 2025
    risk 0.46cvss 8.1epss 0.01

    MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy…

  • CVE-2026-33419HigMar 24, 2026
    risk 0.42cvss 7.5epss 0.00

    MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error…

  • CVE-2026-34204HigMar 31, 2026
    risk 0.39cvss 7.1epss 0.00

    MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted…

  • CVE-2025-32963MedApr 22, 2025
    risk 0.38cvss epss 0.01

    MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may…

  • CVE-2026-39414MedApr 8, 2026
    risk 0.35cvss 6.5epss 0.00

    MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's…

  • CVE-2026-2607MedMay 27, 2026
    risk 0.33cvss 5.1epss 0.00

    IBM MQ Operator SC2: v3.2.0 through 3.2.23CD:  v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1,…

  • CVE-2024-36107MedMay 28, 2024
    risk 0.27cvss 5.3epss 0.01

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not…

  • CVE-2025-12755MedFeb 17, 2026
    risk 0.26cvss 4.0epss 0.00

    IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This…

  • CVE-2026-42600MedMay 11, 2026
    risk 0.25cvss 4.9epss 0.08

    MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from…

  • CVE-2025-27414MedFeb 28, 2025
    risk 0.23cvss epss 0.01

    MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO…

  • CVE-2023-28432KEVMar 22, 2023
    risk 0.23cvss epss 0.84

    Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in…

  • CVE-2022-35919Aug 1, 2022
    risk 0.07cvss epss 0.52

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal…

  • CVE-2023-28434KEVMar 22, 2023
    risk 0.06cvss epss 0.07

    Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker…

  • CVE-2021-43858Dec 27, 2021
    risk 0.03cvss epss 0.35

    MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version…