CVE-2026-33322 in MinIOinfo

Zusammenfassung

von MITRE • 24.03.2026

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

24.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351748

CPE

bereit

CWE

CWE-287 (bestätigt)

CVSS

7.3 (VulDB)

EPSS

0.00034

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33322
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33322
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33322/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!