QSearchQSearch

CVE-2021-41137

8.8 HIGH

Minio is a Kubernetes native application for cloud storage

Published: 2021-10-13 · Last updated: 2026-06-17

Severity and scoring

CVSS
8.8 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-285

Affected products

VendorProduct
miniominio

Description

Minio is a Kubernetes native application for cloud storage. All users on release `RELEASE.2021-10-10T16-53-30Z` are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction did not work properly for users who did not have service (svc) or security token service (STS) accounts. This issue is fixed in `RELEASE.2021-10-13T00-23-17Z`. A downgrade back to release `RELEASE.2021-10-08T23-58-24Z` is available as a workaround.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-42600 MinIO is a high-performance object storage system (4.9 MEDIUM)

Same CWE

  • CVE-2026-12213 A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
  • CVE-2026-12204 A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
  • CVE-2026-12190 A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android (5.3 MEDIUM)
  • CVE-2026-12189 A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android (5.3 MEDIUM)
  • CVE-2026-49397 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)