VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/minio/minio

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-41145 high 8.2 8.2 1mo ago MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads golang
CVE-2026-40344 high 8.2 8.2 1mo ago MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads golang
CVE-2026-42600 medium 4.9 4.9 16d ago MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint golang
CVE-2023-28434 unknown 1.5 3y ago MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `Post… golang
CVE-2026-39414 unknown 2mo ago MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing golang
CVE-2026-34204 unknown 2mo ago MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio golang
CVE-2026-33419 unknown 2mo ago MinIO LDAP login brute-force via user enumeration and missing rate limit in github.com/minio/minio golang
CVE-2026-33322 unknown 2mo ago MinIO has JWT Algorithm Confusion in OIDC Authentication in github.com/minio/minio susegolang
CVE-2025-62506 unknown 7mo ago MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio golang
CVE-2025-31489 unknown 1y ago MinIO performs incomplete signature validation for unsigned-trailer uploads in github.com/minio/minio golang
CVE-2025-27414 unknown 1y ago MinIO SFTP authentication bypass due to improperly trusted SSH key in github.com/minio/minio golang
CVE-2024-55949 unknown 2y ago MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio golang
CVE-2024-36107 unknown 2y ago MinIO information disclosure vulnerability in github.com/minio/minio golang
CVE-2024-24747 unknown 2y ago Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio golang
CVE-2023-28433 unknown 3y ago Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation golang