8 matches found
CVE-2026-49991
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...
CVE-2026-49991
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...
SUSE CVE-2026-34204
MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...
CVE-2026-34204
MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...
CVE-2026-34204 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...
CVE-2026-34204
MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...
Missing Authorization
Overview github.com/minio/minio is a high performance object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Missing Authorization via the extractMetadataFromMime function. An attacker can make objects permanently unreadable by injecting crafted...
GHSA-3RH2-V3GR-35P9 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
Impact What kind of vulnerability is it? Who is impacted? A flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication- headers on a normal PutObject request. The...