722 matches found
MinIO 授权问题漏洞
MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. There is an authorization vulnerability in MinIO, which stems from a authentication bypass i...
CLEANSTART-2026-QO20135 When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint
Multiple security vulnerabilities affect the minio-operator-fips package. When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. See references for individual...
MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...
GHSA-HV4R-MVR4-25VW MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...
GHSA-VFFH-X6R8-XX99 vulnerabilities
Vulnerabilities for packages: jaeger, minio-object-browser, istio, mc, cloud-sql-proxy, splunk-otel-collector, telegraf, prometheus-pushgateway, grafana-pyroscope, certificate-transparency, minio-operator, minio, prometheus, keda, loki, tempo, karma, trillian, datadog-agent, node-problem-detector...
CVE-2026-40179 vulnerabilities
Vulnerabilities for packages: jaeger, minio-object-browser, istio, mc, cloud-sql-proxy, splunk-otel-collector, telegraf, prometheus-pushgateway, grafana-pyroscope, certificate-transparency, minio-operator, minio, prometheus, keda, loki, tempo, karma, trillian, datadog-agent, node-problem-detector...
CVE-2026-40179 vulnerabilities
Vulnerabilities for packages: minio-operator, node-problem-detector-fips, opentelemetry-collector-k8s-fips, grafana-pyroscope-fips, mcp-grafana-fips, minio-fips, minio-operator-fips, certificate-transparency, cloudzero-agent-fips, node-problem-detector, keda-fips, elastic-agent-fips,...
GHSA-VFFH-X6R8-XX99 vulnerabilities
Vulnerabilities for packages: minio-operator, node-problem-detector-fips, opentelemetry-collector-k8s-fips, grafana-pyroscope-fips, mcp-grafana-fips, minio-fips, minio-operator-fips, certificate-transparency, cloudzero-agent-fips, node-problem-detector, keda-fips, elastic-agent-fips,...
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...
GHSA-9C4Q-HQ6P-C237 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...
PT-2026-34234
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. An attacker possessing a valid access key can write arbitrary...
BIT-MINIO-2026-39414 MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing
MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...
PT-2026-32435
MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...
ANT-2026-BRQZSDGZ · minio · path-traversal
path-traversal medium GHSA-xh8f-g2qw-gcm7 Severity Claude critical · Security research firm high · Maintainer medium Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-BRQZSDGZ: minio: path-traversa...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...
GHSA-JRG3-GFJW-HM96 vulnerabilities
Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...
PT-2026-34231
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...
GHSA-H749-FXX7-PWPG MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing
Impact What kind of vulnerability is it? Who is impacted? MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes'\n' with no size limit, buffering the...
EUVD-2026-20602
MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing...