CVE-2026-42600
medium
CVSS v3
4.9
CVSS v2
—
VIR risk
4.9
Description
MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
Predictions
Exploit likelihood
59%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security-advisories@github.com — https://github.com/minio/minio/security/advisories/GHSA-xh8f-g2qw-gcm7
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/minio/minio | >=0.0.0-20220724015452,<0.0.0-20260414213245 | 0.0.0-20260414213245 |
| GO | github.com/minio/minio | >= 0.0.0-20220724015452, < 0.0.0-20260414213245 | 0.0.0-20260414213245 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| minio | minio | {"startIncluding":"2022-07-24t01-54-52z","endExcluding":"2026-04-14t21-32-45z"} | 2026-04-14t21-32-45z |
References
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.