Home/Product/minio
Product

minio

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41145
>= 2023-05-18t00-05-36z and < 2026-04-11T03-20-12Z
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-
8.2HIGH
 CVE-2026-40344
>= 2023-05-18t00-05-36z and < 2026-04-11T03-20-12Z
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-
8.2HIGH
 CVE-2026-39414
>= 2018-08-18t03-49-57z and <= 2025-10-15t17-29-55z
MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO
6.5MEDIUM
 CVE-2026-34204
< 2026-03-26t21-24-40z
MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMim
7.1HIGH
 CVE-2026-33419
< 2026-03-17t21-25-16z
MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Servi
7.5HIGH
 CVE-2026-33322
>= 2022-11-08t05-27-07z and < 2026-03-17t21-25-16z
MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT
9.8CRITICAL
 CVE-2024-24747
all versions
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not
8.8HIGH
 CVE-2023-33955
< 0.28.0
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filen
4.3MEDIUM
 CVE-2023-28434
< 2023-03-20t20-16-18z
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to by
8.8HIGH
 CVE-2023-28433
< 2023-03-20t20-16-18z
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted.
8.8HIGH
 CVE-2023-28432
>= 2019-12-17t23-16-33z and < 2023-03-20t20-16-18z
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to R
7.5HIGH
 CVE-2023-27589
>= 2020-12-23t02-24-12z and < 2023-03-13t19-46-17z
Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-
6.5MEDIUM
 CVE-2023-25812
>= 2020-04-10t03-34-42z and < 2023-02-17t17-52-43z
Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Idea
6.5MEDIUM
 CVE-2022-35919
< 2022-07-29t19-40-48z
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin'
7.4HIGH
 CVE-2022-31028
>= 2019-09-25t18-25-51z and < 2022-06-02t02-11-04z
MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE
7.5HIGH
 CVE-2022-24842
>= 2021-12-09t06-19-41z and < 2022-04-12t06-55-35z
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where
8.8HIGH
 CVE-2021-43858
< 2021-12-27t07-23-18z
MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client ca
8.8HIGH
 CVE-2021-41137
all versions
Minio is a Kubernetes native application for cloud storage. All users on release RELEASE.2021-10-10T16-53-30Z are affected by a
8.8HIGH
 CVE-2021-21390
< 2021-03-17t02-33-02z
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In
6.5MEDIUM
 CVE-2021-21362
< 2021-03-04t00-53-13z
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In
7.7HIGH
 CVE-2021-21287
< 2021-01-30t00-20-58z
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58
7.7HIGH
 CVE-2020-11012
< 2020-04-23t00-58-49z
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin acce
9.3CRITICAL
 CVE-2018-1000538
< 2018-05-16t23-35-33z
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttl
7.5HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin