Tag

Minio

4 briefs RSS

medium advisory

MinIO Information Disclosure Vulnerability

2 rules 1 TTP

A remote, authenticated attacker can exploit a vulnerability in MinIO to disclose sensitive information.

MinIO information-disclosure

2r 1t May 6, 2026

high advisory

MinIO Unauthenticated Object Write Vulnerability

2 rules 3 TTPs

Two authentication bypass vulnerabilities in MinIO allow writing arbitrary objects to any bucket with only a valid access key, without the secret key or valid signature, impacting all MinIO deployments.

minio authentication-bypass object-storage

2r 3t Apr 14, 2026

high advisory

MinIO S3 Select CSV Parsing Denial of Service

2 rules 1 TTP

MinIO's S3 Select feature is vulnerable to denial of service due to unbounded memory allocation when processing CSV files without newlines, leading to memory exhaustion and server crashes.

dos minio s3select

2r 1t Apr 9, 2026

high advisory

MinIO SSE Metadata Injection via Replication Headers Leads to Data Unreadability

2 rules 1 TTP

A vulnerability in MinIO allows authenticated users with `s3:PutObject` permission to inject internal server-side encryption metadata into objects via crafted replication headers, leading to permanent data unreadability.

minio s3 metadata-injection denial-of-service

2r 1t Mar 27, 2026