BIT-minio-2026-33322
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/minio/BIT-minio-2026-33322.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-minio-2026-33322
- Aliases
-
- CVE-2026-33322
- GHSA-5cx5-wh4m-82fh
- GO-2026-4779
- Published
- 2026-03-27T07:07:59.802Z
- Modified
- 2026-03-27T08:56:22.122586Z
- Summary
- MinIO: JWT Algorithm Confusion in OIDC Authentication
- Details
-
MinIO is a high-performance object storage system. From 2022.11.08 to before 2026.03.17, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in 2026.03.17.
- Database specific
{ "cpes": [ "cpe:2.3:a:minio:minio:*:*:*:*:*:go:*:*" ], "severity": "Critical" }- References
Affected packages
Bitnami / minio
Package
- Name
- minio
- Purl
- pkg:bitnami/minio
Severity
- 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator