CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

CVE-2026-45040 RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode]

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

CVE-2026-45040

RustFS (Rust-based distributed object storage) prior to version 1.0.0-beta.2 leaks sensitive credentials in logs when RUST_LOG=debug, including SessionToken (JWT), SecretAccessKey, and full JWT claims. The issue’s impact is information disclosure in server logs. Mitigation is upgrading to 1.0.0-b...

EUVD-2026-32997

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

PT-2026-44468

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST LOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

CVE-2026-45339

Open WebUI (self-hosted offline AI platform) has a vulnerability where endpoint access restrictions on API keys could be bypassed by using the x-api-key header, even when the key was restricted from sensitive endpoints like /api/v1/messages. Prior to version 0.9.0, requests with Authorization: Be...

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVE-2026-41145

MinIO contains an authentication bypass in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path, affecting releases prior to RELEASE.2026-04-11T03-20-12Z. An attacker with a valid access key (including default minioadmin or any key with WRITE on a bucket) can write objects to any bucket without a val...

EUVD-2026-24581

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

CVE-2026-41145

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

EUVD-2026-24579

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVE-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVE-2026-40344

MinIO is affected by an authentication bypass in the Snowball auto-extract handler (PutObjectExtractHandler) prior to RELEASE.2026-04-11T03:20:12Z. An attacker with a valid access key (including the default minioadmin or any key with WRITE on a bucket) can write arbitrary objects to any bucket wi...

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

MinIO 授权问题漏洞

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

GHSA-4G48-54Q2-FG7Q Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidently logged to logs, those values could be seen in the logs. Azure...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data for the accesskey and connectionstring properties, which were not properly masked as sensitive information. An attacker can obtain confidential credentials by accessing the Connection UI...

CVE-2026-25219

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...

CVE-2026-25219 Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...