Tag

Metadata-Injection

1 brief RSS

MinIO SSE Metadata Injection via Replication Headers Leads to Data Unreadability

A vulnerability in MinIO allows authenticated users with `s3:PutObject` permission to inject internal server-side encryption metadata into objects via crafted replication headers, leading to permanent data unreadability.

minio s3 metadata-injection denial-of-service

2r 1t Mar 27, 2026