CVE-2026-40344
high
CVSS v3
8.2
CVSS v2
—
VIR risk
8.2
Description
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
Predictions
Exploit likelihood
88%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security-advisories@github.com — https://github.com/minio/minio/security/advisories/GHSA-9c4q-hq6p-c237
Vendor advisory: security-advisories@github.com — https://github.com/minio/minio/commit/76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/minio/minio | >=0.0.0-20230506025312-76913a9fd5c6,<=0.0.0-20260212201848-7aac2a2c5b7c | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| minio | minio | >= 2023-05-18t00-05-36z, < 2026-04-11T03-20-12Z | 2026-04-11T03-20-12Z |
References
- https://github.com/minio/minio/commit/76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091
- https://github.com/minio/minio/pull/16484
- https://github.com/minio/minio/security/advisories/GHSA-9c4q-hq6p-c237
- https://nvd.nist.gov/vuln/detail/CVE-2026-40344
- https://github.com/minio/minio
- https://github.com/advisories/GHSA-9c4q-hq6p-c237
CWEs
CWE-287 CWE-306