
MinIO — Vulnerabilities & Security Advisories (30)

Browse all 30 CVE security advisories affecting MinIO. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by MinIO: minio, console, operator, minio-java
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41145 | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads | minio | CWE-287 | 8.8 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-40344 | MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads | minio | CWE-287 | 8.8 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing | minio | CWE-770 | 5.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34204 | MinIO is Vulnerable to SSE Metadata Injection via Replication Headers | minio | CWE-287 | 8.1 | - | 2026-03-31 |
| CVE-2026-33419 | MinIO: LDAP login brute-force via user enumeration and missing rate limit | minio | CWE-204 | 9.8 | - | 2026-03-24 |
| CVE-2026-33322 | MinIO: JWT Algorithm Confusion in OIDC Authentication | minio | CWE-287 | 7.5 | - | 2026-03-24 |
| CVE-2025-62506 | MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS | minio | CWE-863 | 8.1 | High | 2025-10-16 |
| CVE-2025-59952 | minio-java Client XML Tag is Vulnerable to Value Substitution | minio-java | CWE-20 | 7.5 (AI) | High (AI) | 2025-09-29 |
| CVE-2025-32963 | Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS | operator | CWE-522 | 9.9 | - | 2025-04-22 |
| CVE-2025-31489 | MinIO performs incomplete signature validation for unsigned-trailer uploads | minio | CWE-347 | 6.5 (AI) | Medium (AI) | 2025-04-03 |
| CVE-2025-27414 | MinIO SFTP authentication bypass due to improperly trusted SSH key | minio | CWE-287 | 7.4 | - | 2025-02-28 |
| CVE-2024-55949 | Privilege escalation in IAM import API in MinIO | minio | CWE-269 | 8.8 | - | 2024-12-16 |
| CVE-2024-36107 | Information disclosure in minio | minio | CWE-200 | 5.3 | Medium | 2024-05-28 |
| CVE-2024-24747 | MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation | minio | CWE-269 | 8.8 | High | 2024-01-31 |
| CVE-2023-33955 | Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited | console | CWE-200 | 4.3 | Medium | 2023-05-30 |
| CVE-2023-28434 | MinIO is vulnerable to privilege escalation on Linux/MacOS | minio | CWE-269 | 8.8 | High | 2023-03-22 |
| CVE-2023-28433 | Minio Privilege Escalation on Windows via Path separator manipulation | minio | CWE-668 | 8.8 | High | 2023-03-22 |
| CVE-2023-28432 | Minio Information Disclosure in Cluster Deployment | minio | CWE-200 | 7.5 | High | 2023-03-22 |
| CVE-2023-27589 | Minio vulnerable to denial of access by an admin privileged user for root credential | minio | CWE-269 | 6.5 | Medium | 2023-03-14 |
| CVE-2023-25812 | Allowed DELETE on resources on object locked buckets under Governance mode in Minio | minio | CWE-281 | 6.5 | Medium | 2023-02-21 |
| CVE-2022-35919 | Authenticated requests for server update admin API allows path traversal in minio | minio | CWE-22 | 7.4 | High | 2022-08-01 |
| CVE-2022-31028 | Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO | minio | CWE-400 | 7.5 | High | 2022-06-03 |
| CVE-2022-24842 | Improper Privilege Management in MinIO | minio | CWE-269 | 8.8 | High | 2022-04-12 |
| CVE-2021-43858 | User privilege escalation in MinIO | minio | CWE-269 | 8.8 | High | 2021-12-27 |
| CVE-2021-41266 | Authentication bypass issue in the Operator Console | console | CWE-306 | 8.6 | High | 2021-11-15 |
| CVE-2021-41137 | Bypassing policy restrictions on regular users | minio | CWE-285 | 8.8 | High | 2021-10-13 |
| CVE-2021-21390 | MITM modification of request bodies in MinIO | minio | CWE-924 | 6.5 | Medium | 2021-03-19 |
| CVE-2021-21362 | Bypassing readOnly policy by creating a temporary 'mc share upload' URL | minio | CWE-285 | 7.7 | High | 2021-03-08 |
| CVE-2021-21287 | Server-Side Request Forgery in MinIO Browser API | minio | CWE-918 | 7.7 | High | 2021-02-01 |
| CVE-2020-11012 | Authentication bypass MinIO Admin API | minio | CWE-305 | 9.3 | Critical | 2020-04-23 |

This page lists every published CVE security advisory associated with MinIO. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.