CVE-2026-34204 Minio — Exploit & Vulnerability Details HIGH

CVE-2026-34204

HIGH CVSS 4.0: 7.1 EPSS 0.03%

Parameter	Value
CVSS	7.1 (HIGH)
Affected Versions	before 2026-03-26t21-24-40z
Fixed In	2026-03-26t21-24-40z
Type	CWE-287 (Improper Authentication)
Vendor	Minio
Public PoC	No

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-* headers on a normal PutObject request. This issue has been patched in version RELEASE.2026-03-26T21-24-40Z.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-287 Improper Authentication

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Minio Minio cpe:2.3:a:minio:minio::::::::	—	`2026-03-26t21-24-40z`

References 1

https://github.com/minio/minio/security/advisories/GHSA-3rh2-v3gr-35p9

security-advisories@github.com

Share Post Share Share Share

Menu

CVE-2026-34204

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-34204

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity