Lucene search
K

722 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

MinIO 授权问题漏洞

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. There is an authorization vulnerability in MinIO, which stems from a authentication bypass i...

8.8CVSS5.9AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2026/04/15 12:44 a.m.16 views

CLEANSTART-2026-QO20135 When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint

Multiple security vulnerabilities affect the minio-operator-fips package. When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. See references for individual...

9.8CVSS7.2AI score0.01945EPSS
Exploits2References30
Github Security Blog
Github Security Blog
added 2026/04/14 11:40 p.m.14 views

MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...

8.8CVSS5.9AI score0.00349EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/14 11:40 p.m.4 views

GHSA-HV4R-MVR4-25VW MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...

8.8CVSS5.9AI score0.00349EPSS
Exploits0References5
Wolfi
Wolfi
added 2026/04/14 7:48 a.m.9 views

GHSA-VFFH-X6R8-XX99 vulnerabilities

Vulnerabilities for packages: jaeger, minio-object-browser, istio, mc, cloud-sql-proxy, splunk-otel-collector, telegraf, prometheus-pushgateway, grafana-pyroscope, certificate-transparency, minio-operator, minio, prometheus, keda, loki, tempo, karma, trillian, datadog-agent, node-problem-detector...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/14 7:48 a.m.11 views

CVE-2026-40179 vulnerabilities

Vulnerabilities for packages: jaeger, minio-object-browser, istio, mc, cloud-sql-proxy, splunk-otel-collector, telegraf, prometheus-pushgateway, grafana-pyroscope, certificate-transparency, minio-operator, minio, prometheus, keda, loki, tempo, karma, trillian, datadog-agent, node-problem-detector...

6.1CVSS6.1AI score0.0024EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/14 1:17 a.m.9 views

CVE-2026-40179 vulnerabilities

Vulnerabilities for packages: minio-operator, node-problem-detector-fips, opentelemetry-collector-k8s-fips, grafana-pyroscope-fips, mcp-grafana-fips, minio-fips, minio-operator-fips, certificate-transparency, cloudzero-agent-fips, node-problem-detector, keda-fips, elastic-agent-fips,...

6.1CVSS6.1AI score0.0024EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/14 1:17 a.m.3 views

GHSA-VFFH-X6R8-XX99 vulnerabilities

Vulnerabilities for packages: minio-operator, node-problem-detector-fips, opentelemetry-collector-k8s-fips, grafana-pyroscope-fips, mcp-grafana-fips, minio-fips, minio-operator-fips, certificate-transparency, cloudzero-agent-fips, node-problem-detector, keda-fips, elastic-agent-fips,...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/14 12:4 a.m.24 views

MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

8.8CVSS6AI score0.00418EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/14 12:4 a.m.4 views

GHSA-9C4Q-HQ6P-C237 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

8.8CVSS6.1AI score0.00418EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-34234

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. An attacker possessing a valid access key can write arbitrary...

8.8CVSS5.6AI score0.00349EPSS
Exploits0References10
OSV
OSV
added 2026/04/13 10:10 a.m.17 views

BIT-MINIO-2026-39414 MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS5.7AI score0.00485EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.9 views

PT-2026-32435

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS5.7AI score0.00485EPSS
Exploits0References6
Anthropic
Anthropic
added 2026/04/12 6:56 a.m.14 views

ANT-2026-BRQZSDGZ · minio · path-traversal

path-traversal medium GHSA-xh8f-g2qw-gcm7 Severity Claude critical · Security research firm high · Maintainer medium Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-BRQZSDGZ: minio: path-traversa...

7.5CVSS7.5AI score0.83957EPSS
Exploits13
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.10 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.26 views

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.12 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...

7.5CVSS6.9AI score0.00349EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.14 views

PT-2026-34231

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References11
OSV
OSV
added 2026/04/09 5:32 p.m.6 views

GHSA-H749-FXX7-PWPG MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

Impact What kind of vulnerability is it? Who is impacted? MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes'\n' with no size limit, buffering the...

7.1CVSS5.8AI score0.00485EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/09 5:32 p.m.8 views

EUVD-2026-20602

MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing...

7.1CVSS5.9AI score0.00485EPSS
Exploits0References5
Rows per page
Query Builder