minio — Vulnerabilities & Security Advisories (26)

All 26 CVE vulnerabilities found in minio, with AI-generated Chinese analysis, references, and POCs.

Vendor: MinIO

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41145 | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads | CWE-287 | 8.8 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-40344 | MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads | CWE-287 | 8.8 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing | CWE-770 | 5.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34204 | MinIO is Vulnerable to SSE Metadata Injection via Replication Headers | CWE-287 | 8.1 | - | 2026-03-31 |
| CVE-2026-33419 | MinIO: LDAP login brute-force via user enumeration and missing rate limit | CWE-204 | 9.8 | - | 2026-03-24 |
| CVE-2026-33322 | MinIO: JWT Algorithm Confusion in OIDC Authentication | CWE-287 | 7.5 | - | 2026-03-24 |
| CVE-2025-62506 | MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS | CWE-863 | 8.1 | High | 2025-10-16 |
| CVE-2025-31489 | MinIO performs incomplete signature validation for unsigned-trailer uploads | CWE-347 | 6.5 (AI) | Medium (AI) | 2025-04-03 |
| CVE-2025-27414 | MinIO SFTP authentication bypass due to improperly trusted SSH key | CWE-287 | 7.4 | - | 2025-02-28 |
| CVE-2024-55949 | Privilege escalation in IAM import API in MinIO | CWE-269 | 8.8 | - | 2024-12-16 |
| CVE-2024-36107 | Information disclosure in minio | CWE-200 | 5.3 | Medium | 2024-05-28 |
| CVE-2024-24747 | MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation | CWE-269 | 8.8 | High | 2024-01-31 |
| CVE-2023-28434 | MinIO is vulnerable to privilege escalation on Linux/MacOS | CWE-269 | 8.8 | High | 2023-03-22 |
| CVE-2023-28433 | Minio Privilege Escalation on Windows via Path separator manipulation | CWE-668 | 8.8 | High | 2023-03-22 |
| CVE-2023-28432 | Minio Information Disclosure in Cluster Deployment | CWE-200 | 7.5 | High | 2023-03-22 |
| CVE-2023-27589 | Minio vulnerable to denial of access by an admin privileged user for root credential | CWE-269 | 6.5 | Medium | 2023-03-14 |
| CVE-2023-25812 | Allowed DELETE on resources on object locked buckets under Governance mode in Minio | CWE-281 | 6.5 | Medium | 2023-02-21 |
| CVE-2022-35919 | Authenticated requests for server update admin API allows path traversal in minio | CWE-22 | 7.4 | High | 2022-08-01 |
| CVE-2022-31028 | Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO | CWE-400 | 7.5 | High | 2022-06-03 |
| CVE-2022-24842 | Improper Privilege Management in MinIO | CWE-269 | 8.8 | High | 2022-04-12 |
| CVE-2021-43858 | User privilege escalation in MinIO | CWE-269 | 8.8 | High | 2021-12-27 |
| CVE-2021-41137 | Bypassing policy restrictions on regular users | CWE-285 | 8.8 | High | 2021-10-13 |
| CVE-2021-21390 | MITM modification of request bodies in MinIO | CWE-924 | 6.5 | Medium | 2021-03-19 |
| CVE-2021-21362 | Bypassing readOnly policy by creating a temporary 'mc share upload' URL | CWE-285 | 7.7 | High | 2021-03-08 |
| CVE-2021-21287 | Server-Side Request Forgery in MinIO Browser API | CWE-918 | 7.7 | High | 2021-02-01 |
| CVE-2020-11012 | Authentication bypass MinIO Admin API | CWE-305 | 9.3 | Critical | 2020-04-23 |