CVE-2026-33322 in MinIOinformação

Sumário

de MITRE • 24/03/2026

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Divulgação

24/03/2026

Moderação

aceite

Entrada

VDB-351748

CPE

pronto

CWE

CWE-287 (confirmado)

CVSS

7.3 (VulDB)

EPSS

0.00034

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33322
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33322
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33322/

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!