CVE-2026-40344

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-40344
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40344.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-40344
Aliases
Downstream
Related
Published
2026-04-22T00:49:30.137Z
Modified
2026-06-25T19:56:37.525230093Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
Details

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (PutObjectExtractHandler) allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is impacted. The attack requires only a valid access key (the well-known default minioadmin, or any key with WRITE permission on a bucket) and a target bucket name. When authTypeStreamingUnsignedTrailer support was added, the new auth type was handled in PutObjectHandler and PutObjectPartHandler but was never added to PutObjectExtractHandler. The snowball auto-extract handler's switch rAuthType block has no case for authTypeStreamingUnsignedTrailer, so execution falls through with zero signature verification. The isPutActionAllowed call before the switch extracts the access key and checks IAM permissions, but does not verify the cryptographic signature. An attacker sends a PUT request with X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER, X-Amz-Meta-Snowball-Auto-Extract: true, and an Authorization header containing a valid access key with a completely fabricated signature. The request is accepted and the tar payload is extracted into the bucket. Users of the open-source minio/minio project should upgrade to MinIO AIStor RELEASE.2026-04-11T03-20-12Z or later. If upgrading is not immediately possible, block unsigned-trailer requests at the load balancer. Reject any request containing X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER at the reverse proxy or WAF layer. Clients can use STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER (the signed variant) instead. Alternatively, restrict WRITE permissions. Limit s3:PutObject grants to trusted principals. While this reduces the attack surface, it does not eliminate the vulnerability since any user with WRITE permission can exploit it with only their access key.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40344.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "RELEASE.2023-05-18T00-05-36Z"
                },
                {
                    "fixed": "RELEASE.2026-04-11T03-20-12Z"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-287",
        "CWE-306"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/minio/minio

Affected ranges

Type
GIT
Repo
https://github.com/minio/minio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091
Database specific 
{
    "source": "REFERENCES"
}

Affected versions

OFFICIAL.*
OFFICIAL.2016-02-08T00-12-28Z
RELEASE.*
RELEASE.2016-03-11T03-45-50Z
RELEASE.2016-03-21T21-08-51Z
RELEASE.2016-04-14T18-38-10Z
RELEASE.2016-06-03T19-32-05Z
RELEASE.2016-07-13T21-46-05Z
RELEASE.2016-08-16T23-19-45Z
RELEASE.2016-08-21T02-44-47Z
RELEASE.2016-09-11T17-42-18Z
RELEASE.2016-12-12T18-35-43Z
RELEASE.2016-12-12T23-44-33Z
RELEASE.2016-12-13T17-19-42Z
RELEASE.2017-08-05T00-00-53Z
RELEASE.2017-09-29T19-16-56Z
RELEASE.2017-10-27T18-59-02Z
RELEASE.2017-11-22T19-55-46Z
RELEASE.2017-12-28T01-21-00Z
RELEASE.2018-01-02T23-07-00Z
RELEASE.2018-01-18T20-33-21Z
RELEASE.2018-02-09T22-40-05Z
RELEASE.2018-03-12T21-25-28Z
RELEASE.2018-03-16T22-52-12Z
RELEASE.2018-03-19T19-22-06Z
RELEASE.2018-03-28T23-45-53Z
RELEASE.2018-03-30T00-38-44Z
RELEASE.2018-04-04T05-20-54Z
RELEASE.2018-04-12T23-41-09Z
RELEASE.2018-04-19T22-54-58Z
RELEASE.2018-04-27T23-33-52Z
RELEASE.2018-05-04T23-13-12Z
RELEASE.2018-05-10T00-00-42Z
RELEASE.2018-05-11T00-29-24Z
RELEASE.2018-05-16T23-35-33Z
RELEASE.2018-05-25T19-49-13Z
RELEASE.2018-06-07T19-10-07Z
RELEASE.2018-06-08T03-49-38Z
RELEASE.2018-06-09T03-43-35Z
RELEASE.2018-06-22T23-48-46Z
RELEASE.2018-06-29T02-11-29Z
RELEASE.2018-07-10T01-42-11Z
RELEASE.2018-07-13T00-09-07Z
RELEASE.2018-07-23T18-34-49Z
RELEASE.2018-07-31T02-11-47Z
RELEASE.2018-08-02T23-11-36Z
RELEASE.2018-08-18T03-49-57Z
RELEASE.2018-08-21T00-37-20Z
RELEASE.2018-08-25T01-56-38Z
RELEASE.2018-09-01T00-38-25Z
RELEASE.2018-09-11T01-39-21Z
RELEASE.2018-09-12T18-49-56Z
RELEASE.2018-09-25T21-34-43Z
RELEASE.2018-10-05T01-03-03Z
RELEASE.2018-10-06T00-15-16Z
RELEASE.2018-10-18T00-28-58Z
RELEASE.2018-10-25T01-27-03Z
RELEASE.2018-11-06T01-01-02Z
RELEASE.2018-11-15T01-26-07Z
RELEASE.2018-11-17T01-23-48Z
RELEASE.2018-11-22T02-51-56Z
RELEASE.2018-11-30T03-56-59Z
RELEASE.2018-12-06T01-27-43Z
RELEASE.2018-12-13T02-04-19Z
RELEASE.2018-12-19T23-46-24Z
RELEASE.2018-12-27T18-33-08Z
RELEASE.2019-01-10T00-21-20Z
RELEASE.2019-01-16T21-44-08Z
RELEASE.2019-01-23T23-18-58Z
RELEASE.2019-01-31T00-31-19Z
RELEASE.2019-02-06T21-16-36Z
RELEASE.2019-02-12T21-58-47Z
RELEASE.2019-02-14T00-21-45Z
RELEASE.2019-02-20T22-44-29Z
RELEASE.2019-02-26T19-51-46Z
RELEASE.2019-03-06T22-47-10Z
RELEASE.2019-03-13T21-59-47Z
RELEASE.2019-03-20T22-38-47Z
RELEASE.2019-03-27T22-35-21Z
RELEASE.2019-04-04T18-31-46Z
RELEASE.2019-04-09T01-22-30Z
RELEASE.2019-04-18T01-15-57Z
RELEASE.2019-04-18T21-44-59Z
RELEASE.2019-04-23T23-50-36Z
RELEASE.2019-05-02T19-07-09Z
RELEASE.2019-05-14T23-57-45Z
RELEASE.2019-05-23T00-29-34Z
RELEASE.2019-06-01T03-46-14Z
RELEASE.2019-06-04T01-15-58Z
RELEASE.2019-06-11T00-44-33Z
RELEASE.2019-06-13T01-41-13Z
RELEASE.2019-06-15T23-07-18Z
RELEASE.2019-06-19T18-24-42Z
RELEASE.2019-06-27T21-13-50Z
RELEASE.2019-07-05T21-20-21Z
RELEASE.2019-07-10T00-34-56Z
RELEASE.2019-07-17T22-54-12Z
RELEASE.2019-07-24T02-02-23Z
RELEASE.2019-07-31T18-57-56Z
RELEASE.2019-08-01T22-18-54Z
RELEASE.2019-08-07T01-59-21Z
RELEASE.2019-08-14T20-37-41Z
RELEASE.2019-08-21T19-40-07Z
RELEASE.2019-08-29T00-25-01Z
RELEASE.2019-09-05T23-24-38Z
RELEASE.2019-09-11T19-53-16Z
RELEASE.2019-09-18T21-55-05Z
RELEASE.2019-09-25T18-25-51Z
RELEASE.2019-09-26T19-42-35Z
RELEASE.2019-10-02T21-19-38Z
RELEASE.2019-10-11T00-38-09Z
RELEASE.2019-10-12T01-39-57Z
RELEASE.2019-12-17T23-16-33Z
RELEASE.2019-12-19T22-52-26Z
RELEASE.2019-12-24T23-04-45Z
RELEASE.2019-12-30T05-45-39Z
RELEASE.2020-01-03T19-12-21Z
RELEASE.2020-01-16T03-05-44Z
RELEASE.2020-01-16T22-40-29Z
RELEASE.2020-01-25T02-50-51Z
RELEASE.2020-02-07T04-56-50Z
RELEASE.2020-02-07T23-28-16Z
RELEASE.2020-02-20T22-51-23Z
RELEASE.2020-02-27T00-23-05Z
RELEASE.2020-03-05T01-04-19Z
RELEASE.2020-03-06T22-23-56Z
RELEASE.2020-03-09T18-26-53Z
RELEASE.2020-03-14T02-21-58Z
RELEASE.2020-03-19T21-49-00Z
RELEASE.2020-03-25T07-03-04Z
RELEASE.2020-04-02T21-34-49Z
RELEASE.2020-04-04T05-39-31Z
RELEASE.2020-04-10T03-34-42Z
RELEASE.2020-04-15T00-39-01Z
RELEASE.2020-04-15T19-42-18Z
RELEASE.2020-04-22T00-11-12Z
RELEASE.2020-04-23T00-58-49Z
RELEASE.2020-04-28T23-56-56Z
RELEASE.2020-05-01T22-19-14Z
RELEASE.2020-05-06T23-23-25Z
RELEASE.2020-05-08T02-40-49Z
RELEASE.2020-05-16T01-33-21Z
RELEASE.2020-05-28T23-29-21Z
RELEASE.2020-05-29T14-08-49Z
RELEASE.2020-06-01T17-28-03Z
RELEASE.2020-06-03T22-13-49Z
RELEASE.2020-06-12T00-06-19Z
RELEASE.2020-07-11T06-07-16Z
RELEASE.2020-07-11T21-14-23Z
RELEASE.2020-07-12T19-14-17Z
RELEASE.2020-07-13T18-09-56Z
RELEASE.2020-07-14T19-14-30Z
RELEASE.2020-07-18T18-48-16Z
RELEASE.2020-07-20T02-25-16Z
RELEASE.2020-07-22T00-26-33Z
RELEASE.2020-07-24T22-43-05Z
RELEASE.2020-07-27T18-37-02Z
RELEASE.2020-07-31T03-39-05Z
RELEASE.2020-08-04T23-10-51Z
RELEASE.2020-08-05T21-34-13Z
RELEASE.2020-08-07T01-23-07Z
RELEASE.2020-08-08T04-50-06Z
RELEASE.2020-08-13T02-39-50Z
RELEASE.2020-08-16T18-39-38Z
RELEASE.2020-08-18T19-41-00Z
RELEASE.2020-08-25T00-21-20Z
RELEASE.2020-08-26T00-00-49Z
RELEASE.2020-08-27T05-16-20Z
RELEASE.2020-09-02T18-19-50Z
RELEASE.2020-09-05T07-14-49Z
RELEASE.2020-09-08T23-05-18Z
RELEASE.2020-09-10T22-02-45Z
RELEASE.2020-09-16T04-22-35Z
RELEASE.2020-09-17T04-49-20Z
RELEASE.2020-09-21T22-31-59Z
RELEASE.2020-09-23T19-18-30Z
RELEASE.2020-09-26T03-44-56Z
RELEASE.2020-10-03T02-19-42Z
RELEASE.2020-10-09T22-55-05Z
RELEASE.2020-10-12T21-53-21Z
RELEASE.2020-10-18T21-54-12Z
RELEASE.2020-10-27T04-03-55Z
RELEASE.2020-10-28T08-16-50Z
RELEASE.2020-11-06T23-17-07Z
RELEASE.2020-11-10T21-02-24Z
RELEASE.2020-11-12T22-33-34Z
RELEASE.2020-11-13T20-10-18Z
RELEASE.2020-11-19T23-48-16Z
RELEASE.2020-11-25T22-36-25Z
RELEASE.2020-12-03T00-03-10Z
RELEASE.2020-12-03T05-49-24Z
RELEASE.2020-12-10T01-54-29Z
RELEASE.2020-12-12T08-39-07Z
RELEASE.2020-12-16T05-05-17Z
RELEASE.2020-12-18T03-27-42Z
RELEASE.2020-12-23T02-24-12Z
RELEASE.2020-12-26T01-35-54Z
RELEASE.2020-12-29T23-29-29Z
RELEASE.2021-01-05T05-22-38Z
RELEASE.2021-01-08T21-18-21Z
RELEASE.2021-01-16T02-19-44Z
RELEASE.2021-01-30T00-20-58Z
RELEASE.2021-02-01T22-56-52Z
RELEASE.2021-02-07T01-31-02Z
RELEASE.2021-02-11T08-23-43Z
RELEASE.2021-02-14T04-01-33Z
RELEASE.2021-02-19T04-38-02Z
RELEASE.2021-02-23T20-05-01Z
RELEASE.2021-02-24T18-44-45Z
RELEASE.2021-03-01T04-20-55Z
RELEASE.2021-03-04T00-53-13Z
RELEASE.2021-03-10T05-11-33Z
RELEASE.2021-03-12T00-00-47Z
RELEASE.2021-03-17T02-33-02Z
RELEASE.2021-03-26T00-00-41Z
RELEASE.2021-04-18T19-26-29Z
RELEASE.2021-04-22T15-44-28Z
RELEASE.2021-05-11T23-27-41Z
RELEASE.2021-05-16T05-32-34Z
RELEASE.2021-05-18T00-53-28Z
RELEASE.2021-05-20T22-31-44Z
RELEASE.2021-05-22T02-34-39Z
RELEASE.2021-05-26T00-22-46Z
RELEASE.2021-05-27T22-06-31Z
RELEASE.2021-06-07T21-40-51Z
RELEASE.2021-06-09T18-51-39Z
RELEASE.2021-06-14T01-29-23Z
RELEASE.2021-06-17T00-10-46Z
RELEASE.2021-07-08T01-15-01Z
RELEASE.2021-07-08T19-43-25Z
RELEASE.2021-07-12T02-44-53Z
RELEASE.2021-07-15T22-27-34Z
RELEASE.2021-07-21T22-15-23Z
RELEASE.2021-07-22T05-23-32Z
RELEASE.2021-07-27T02-40-15Z
RELEASE.2021-07-30T00-02-00Z
RELEASE.2021-08-05T22-01-19Z
RELEASE.2021-08-17T20-53-08Z
RELEASE.2021-08-20T18-32-01Z
RELEASE.2021-08-25T00-41-18Z
RELEASE.2021-08-31T05-46-54Z
RELEASE.2021-09-03T03-56-13Z
RELEASE.2021-09-09T21-37-07Z
RELEASE.2021-09-15T04-54-25Z
RELEASE.2021-09-18T18-09-59Z
RELEASE.2021-09-23T04-46-24Z
RELEASE.2021-09-24T00-24-24Z
RELEASE.2021-10-02T16-31-05Z
RELEASE.2021-10-06T23-36-31Z
RELEASE.2021-10-08T23-58-24Z
RELEASE.2021-10-10T16-53-30Z
RELEASE.2021-10-13T00-23-17Z
RELEASE.2021-10-23T03-28-24Z
RELEASE.2021-10-27T16-29-42Z
RELEASE.2021-11-03T03-36-36Z
RELEASE.2021-11-05T09-16-26Z
RELEASE.2021-11-09T03-21-45Z
RELEASE.2021-11-24T23-19-33Z
RELEASE.2021-12-09T06-19-41Z
RELEASE.2021-12-10T23-03-39Z
RELEASE.2021-12-18T04-42-33Z
RELEASE.2021-12-20T22-07-16Z
RELEASE.2021-12-27T07-23-18Z
RELEASE.2021-12-29T06-49-06Z
RELEASE.2022-01-03T18-22-58Z
RELEASE.2022-01-04T07-41-07Z
RELEASE.2022-01-07T01-53-23Z
RELEASE.2022-01-08T03-11-54Z
RELEASE.2022-01-25T19-56-04Z
RELEASE.2022-01-27T03-53-02Z
RELEASE.2022-01-28T02-28-16Z
RELEASE.2022-02-01T18-00-14Z
RELEASE.2022-02-05T04-40-59Z
RELEASE.2022-02-07T08-17-33Z
RELEASE.2022-02-12T00-51-25Z
RELEASE.2022-02-16T00-35-27Z
RELEASE.2022-02-17T23-22-26Z
RELEASE.2022-02-18T01-50-10Z
RELEASE.2022-02-24T22-12-01Z
RELEASE.2022-02-26T02-54-46Z
RELEASE.2022-03-03T21-21-16Z
RELEASE.2022-03-05T06-32-39Z
RELEASE.2022-03-08T22-28-51Z
RELEASE.2022-03-11T11-08-23Z
RELEASE.2022-03-11T23-57-45Z
RELEASE.2022-03-14T18-25-24Z
RELEASE.2022-03-17T02-57-36Z
RELEASE.2022-03-17T06-34-49Z
RELEASE.2022-03-22T02-05-10Z
RELEASE.2022-03-24T00-43-44Z
RELEASE.2022-03-26T06-49-28Z
RELEASE.2022-04-01T03-41-39Z
RELEASE.2022-04-08T19-44-35Z
RELEASE.2022-04-09T15-09-52Z
RELEASE.2022-04-12T06-55-35Z
RELEASE.2022-04-16T04-26-02Z
RELEASE.2022-04-26T01-20-24Z
RELEASE.2022-04-29T01-27-09Z
RELEASE.2022-04-30T22-23-53Z
RELEASE.2022-05-03T20-36-08Z
RELEASE.2022-05-04T07-45-27Z
RELEASE.2022-05-08T23-50-31Z
RELEASE.2022-05-19T18-20-59Z
RELEASE.2022-05-23T18-45-11Z
RELEASE.2022-05-26T05-48-41Z
RELEASE.2022-06-02T02-11-04Z
RELEASE.2022-06-02T16-16-26Z
RELEASE.2022-06-03T01-40-53Z
RELEASE.2022-06-06T23-14-52Z
RELEASE.2022-06-07T00-33-41Z
RELEASE.2022-06-10T16-59-15Z
RELEASE.2022-06-11T19-55-32Z
RELEASE.2022-06-17T02-00-35Z
RELEASE.2022-06-20T23-13-45Z
RELEASE.2022-06-25T15-50-16Z
RELEASE.2022-06-30T20-58-09Z
RELEASE.2022-07-04T21-02-54Z
RELEASE.2022-07-06T20-29-49Z
RELEASE.2022-07-08T00-05-23Z
RELEASE.2022-07-13T23-29-44Z
RELEASE.2022-07-15T03-44-22Z
RELEASE.2022-07-17T15-43-14Z
RELEASE.2022-07-24T01-54-52Z
RELEASE.2022-07-24T17-09-31Z
RELEASE.2022-07-26T00-53-03Z
RELEASE.2022-07-29T19-40-48Z
RELEASE.2022-07-30T05-21-40Z
RELEASE.2022-08-02T23-59-16Z
RELEASE.2022-08-05T23-27-09Z
RELEASE.2022-08-08T18-34-09Z
RELEASE.2022-08-11T04-37-28Z
RELEASE.2022-08-13T21-54-44Z
RELEASE.2022-08-22T23-53-06Z
RELEASE.2022-08-25T07-17-05Z
RELEASE.2022-08-26T19-53-15Z
RELEASE.2022-09-01T23-53-36Z
RELEASE.2022-09-07T22-25-02Z
RELEASE.2022-09-17T00-09-45Z
RELEASE.2022-09-22T18-57-27Z
RELEASE.2022-09-25T15-44-53Z
RELEASE.2022-10-02T19-29-29Z
RELEASE.2022-10-05T14-58-27Z
RELEASE.2022-10-08T20-11-00Z
RELEASE.2022-10-15T19-57-03Z
RELEASE.2022-10-20T00-55-09Z
RELEASE.2022-10-21T22-37-48Z
RELEASE.2022-10-24T18-35-07Z
RELEASE.2022-10-29T06-21-33Z
RELEASE.2022-11-08T05-27-07Z
RELEASE.2022-11-10T18-20-21Z
RELEASE.2022-11-11T03-44-20Z
RELEASE.2022-11-17T23-20-09Z
RELEASE.2022-11-26T22-43-32Z
RELEASE.2022-11-29T23-40-49Z
RELEASE.2022-12-02T19-19-22Z
RELEASE.2022-12-07T00-56-37Z
RELEASE.2022-12-12T19-27-27Z
RELEASE.2023-01-02T09-40-09Z
RELEASE.2023-01-06T18-11-18Z
RELEASE.2023-01-12T02-06-16Z
RELEASE.2023-01-18T04-36-38Z
RELEASE.2023-01-20T02-05-44Z
RELEASE.2023-01-25T00-19-54Z
RELEASE.2023-01-31T02-24-19Z
RELEASE.2023-02-09T05-16-53Z
RELEASE.2023-02-10T18-48-39Z
RELEASE.2023-02-17T17-52-43Z
RELEASE.2023-02-22T18-23-45Z
RELEASE.2023-02-27T18-10-45Z
RELEASE.2023-03-09T23-16-13Z
RELEASE.2023-03-13T19-46-17Z
RELEASE.2023-03-20T20-16-18Z
RELEASE.2023-03-22T06-36-24Z
RELEASE.2023-03-24T21-41-23Z
RELEASE.2023-04-07T05-28-58Z
RELEASE.2023-04-13T03-08-07Z
RELEASE.2023-04-20T17-56-55Z
RELEASE.2023-04-28T18-11-17Z
RELEASE.2023-05-04T21-44-30Z
Other
release-1434511043

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40344.json"