| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41145 | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads | minio | minio | - | - | 2026-04-22 00:54:09 | Deep Dive |
| CVE-2026-40344 | MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads | minio | minio | - | - | 2026-04-22 00:49:30 | Deep Dive |
| CVE-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing | minio | minio | - | - | 2026-04-08 20:05:11 | Deep Dive |
| CVE-2026-34204 | MinIO is Vulnerable to SSE Metadata Injection via Replication Headers | minio | minio | Medium | - | 2026-03-31 19:30:31 | Deep Dive |
| CVE-2026-33419 | MinIO: LDAP login brute-force via user enumeration and missing rate limit | minio | minio | Medium | - | 2026-03-24 19:05:31 | Deep Dive |
| CVE-2026-33322 | MinIO: JWT Algorithm Confusion in OIDC Authentication | minio | minio | Medium | - | 2026-03-24 19:05:05 | Deep Dive |
| CVE-2025-62506 | MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS | minio | minio | High | 8.1 | 2025-10-16 21:17:28 | Deep Dive |
| CVE-2025-59952 | minio-java Client XML Tag is Vulnerable to Value Substitution | minio | minio-java | - | - | 2025-09-29 23:32:34 | Deep Dive |
| CVE-2025-36852 | Build Cache Poisoning via Untrusted Pull Requests | Niklas Portmann | Azure Based Remote Cache Plugin for Nx | - | - | 2025-06-10 19:23:34 | Deep Dive |
| CVE-2025-32963 | Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS | minio | operator | Medium | - | 2025-04-22 17:14:57 | Deep Dive |
| CVE-2025-31489 | MinIO performs incomplete signature validation for unsigned-trailer uploads | minio | minio | - | - | 2025-04-03 19:36:09 | Deep Dive |
| CVE-2025-27414 | MinIO SFTP authentication bypass due to improperly trusted SSH key | minio | minio | High | - | 2025-02-28 21:06:58 | Deep Dive |
| CVE-2024-55949 | Privilege escalation in IAM import API in MinIO | minio | minio | High | - | 2024-12-16 20:02:01 | Deep Dive |
| CVE-2024-36107 | Information disclosure in minio | minio | minio | Medium | 5.3 | 2024-05-28 18:50:51 | Deep Dive |
| CVE-2024-24747 | MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation | minio | minio | High | 8.8 | 2024-01-31 22:10:23 | Deep Dive |
| CVE-2023-33955 | Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited | minio | console | Medium | 4.3 | 2023-05-30 06:34:09 | Deep Dive |
| CVE-2023-28434 | MinIO is vulnerable to privilege escalation on Linux/MacOS | minio | minio | High | 8.8 | 2023-03-22 20:44:04 | Deep Dive |
| CVE-2023-28433 | Minio Privilege Escalation on Windows via Path separator manipulation | minio | minio | High | 8.8 | 2023-03-22 20:33:43 | Deep Dive |
| CVE-2023-28432 | Minio Information Disclosure in Cluster Deployment | minio | minio | High | 7.5 | 2023-03-22 20:16:39 | Deep Dive |
| CVE-2023-27589 | Minio vulnerable to denial of access by an admin privileged user for root credential | minio | minio | Medium | 6.5 | 2023-03-14 18:22:36 | Deep Dive |