
minio — Vulnerabilities & Security Advisories (30)

Browse all 30 CVE security advisories affecting minio. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MinIO operates as a high-performance, S3-compatible object storage server designed for cloud-native environments and edge computing. Its architecture prioritizes speed and scalability, making it a critical infrastructure component for data lakes and AI workloads. Historically, the software has faced numerous security challenges, with approximately 30 Common Vulnerabilities and Exposures (CVEs) documented. These incidents predominantly involve remote code execution, authentication bypasses, and privilege escalation flaws, often stemming from improper input validation or configuration errors in the management API. While the project maintains an active security response team, the frequency of disclosed vulnerabilities highlights the risks associated with complex distributed systems. Users must prioritize strict access controls and regular patching to mitigate exposure, as the software’s widespread adoption in sensitive data environments amplifies the impact of any successful exploitation.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41145 | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads | minio | CWE-287 | 8.8 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-40344 | MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads | minio | CWE-287 | 8.8 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing | minio | CWE-770 | 5.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34204 | MinIO is Vulnerable to SSE Metadata Injection via Replication Headers | minio | CWE-287 | 8.1 | - | 2026-03-31 |
| CVE-2026-33419 | MinIO: LDAP login brute-force via user enumeration and missing rate limit | minio | CWE-204 | 9.8 | - | 2026-03-24 |
| CVE-2026-33322 | MinIO: JWT Algorithm Confusion in OIDC Authentication | minio | CWE-287 | 7.5 | - | 2026-03-24 |
| CVE-2025-62506 | MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS | minio | CWE-863 | 8.1 | High | 2025-10-16 |
| CVE-2025-59952 | minio-java Client XML Tag is Vulnerable to Value Substitution | minio-java | CWE-20 | 7.5 (AI) | High (AI) | 2025-09-29 |
| CVE-2025-32963 | Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS | operator | CWE-522 | 9.9 | - | 2025-04-22 |
| CVE-2025-31489 | MinIO performs incomplete signature validation for unsigned-trailer uploads | minio | CWE-347 | 6.5 (AI) | Medium (AI) | 2025-04-03 |
| CVE-2025-27414 | MinIO SFTP authentication bypass due to improperly trusted SSH key | minio | CWE-287 | 7.4 | - | 2025-02-28 |
| CVE-2024-55949 | Privilege escalation in IAM import API in MinIO | minio | CWE-269 | 8.8 | - | 2024-12-16 |
| CVE-2024-36107 | Information disclosure in minio | minio | CWE-200 | 5.3 | Medium | 2024-05-28 |
| CVE-2024-24747 | MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation | minio | CWE-269 | 8.8 | High | 2024-01-31 |
| CVE-2023-33955 | Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited | console | CWE-200 | 4.3 | Medium | 2023-05-30 |
| CVE-2023-28434 | MinIO is vulnerable to privilege escalation on Linux/MacOS | minio | CWE-269 | 8.8 | High | 2023-03-22 |
| CVE-2023-28433 | Minio Privilege Escalation on Windows via Path separator manipulation | minio | CWE-668 | 8.8 | High | 2023-03-22 |
| CVE-2023-28432 | Minio Information Disclosure in Cluster Deployment | minio | CWE-200 | 7.5 | High | 2023-03-22 |
| CVE-2023-27589 | Minio vulnerable to denial of access by an admin privileged user for root credential | minio | CWE-269 | 6.5 | Medium | 2023-03-14 |
| CVE-2023-25812 | Allowed DELETE on resources on object locked buckets under Governance mode in Minio | minio | CWE-281 | 6.5 | Medium | 2023-02-21 |
| CVE-2022-35919 | Authenticated requests for server update admin API allows path traversal in minio | minio | CWE-22 | 7.4 | High | 2022-08-01 |
| CVE-2022-31028 | Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO | minio | CWE-400 | 7.5 | High | 2022-06-03 |
| CVE-2022-24842 | Improper Privilege Management in MinIO | minio | CWE-269 | 8.8 | High | 2022-04-12 |
| CVE-2021-43858 | User privilege escalation in MinIO | minio | CWE-269 | 8.8 | High | 2021-12-27 |
| CVE-2021-41266 | Authentication bypass issue in the Operator Console | console | CWE-306 | 8.6 | High | 2021-11-15 |
| CVE-2021-41137 | Bypassing policy restrictions on regular users | minio | CWE-285 | 8.8 | High | 2021-10-13 |
| CVE-2021-21390 | MITM modification of request bodies in MinIO | minio | CWE-924 | 6.5 | Medium | 2021-03-19 |
| CVE-2021-21362 | Bypassing readOnly policy by creating a temporary 'mc share upload' URL | minio | CWE-285 | 7.7 | High | 2021-03-08 |
| CVE-2021-21287 | Server-Side Request Forgery in MinIO Browser API | minio | CWE-918 | 7.7 | High | 2021-02-01 |
| CVE-2020-11012 | Authentication bypass MinIO Admin API | minio | CWE-305 | 9.3 | Critical | 2020-04-23 |

Values marked "(AI)" are AI-estimated CVSS scores and severities rather than vendor- or NVD-assigned ones; "-" means no severity rating is listed for that entry.

This page lists every published CVE security advisory associated with minio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.