Docker
CVE-2026-34204
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionGitHub Advisory
Impact
_What kind of vulnerability is it? Who is impacted?_
A flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-* headers on a normal PutObject request. The server unconditionally maps these headers to X-Minio-Internal-* encryption metadata without verifying that the request is a legitimate replication request. Objects written this way carry bogus encryption keys and become permanently unreadable through the S3 API.
Any authenticated user or service with s3:PutObject permission on any bucket can make objects permanently unreadable by injecting fake SSE encryption metadata. The attacker sends a standard PutObject request with X-Minio-Replication-Server-Side-Encryption-* headers but without the X-Minio-Source-Replication-Request header that marks legitimate replication traffic. The server maps these headers to internal encryption metadata (X-Minio-Internal-Server-Side-Encryption-Sealed-Key, etc.), causing all subsequent GetObject and HeadObject calls to treat the object as encrypted with keys that do not exist.
This is a targeted denial-of-service vulnerability. An attacker can selectively corrupt individual objects or entire buckets. The ReplicateObjectAction IAM permission is never checked because the request is a normal PutObject, not a replication request.
Affected component: cmd/handler-utils.go, function extractMetadataFromMime().
Affected Versions
All MinIO releases through the final release of the minio/minio open-source project.
The vulnerability was introduced in commit 468a9fae83e965ecefa1c1fdc2fc57b84ece95b0 ("Enable replication of SSE-C objects", PR #19107, 2024-03-28). The first affected release is RELEASE.2024-03-30T09-41-56Z.
Patches
Fixed in: MinIO AIStor RELEASE.2026-03-26T21-24-40Z
Binary Downloads
| Platform | Architecture | Download |
|---|---|---|
| Linux | amd64 | minio |
| Linux | arm64 | minio |
| macOS | arm64 | minio |
| macOS | amd64 | minio |
| Windows | amd64 | minio.exe |
FIPS Binaries
| Platform | Architecture | Download |
|---|---|---|
| Linux | amd64 | minio.fips |
| Linux | arm64 | minio.fips |
Package Downloads
| Format | Architecture | Download |
|---|---|---|
| DEB | amd64 | minio_20260326212440.0.0_amd64.deb |
| DEB | arm64 | minio_20260326212440.0.0_arm64.deb |
| RPM | amd64 | minio-20260326212440.0.0-1.x86_64.rpm |
| RPM | arm64 | minio-20260326212440.0.0-1.aarch64.rpm |
Container Images
# Standard
docker pull quay.io/minio/aistor/minio:RELEASE.2026-03-26T21-24-40Z
podman pull quay.io/minio/aistor/minio:RELEASE.2026-03-26T21-24-40Z
# FIPS
docker pull quay.io/minio/aistor/minio:RELEASE.2026-03-26T21-24-40Z.fips
podman pull quay.io/minio/aistor/minio:RELEASE.2026-03-26T21-24-40Z.fipsHomebrew (macOS)
brew install minio/aistor/minioWorkarounds
If upgrading is not immediately possible:
- Restrict replication headers at a reverse proxy / load balancer. Drop or reject any request containing
X-Minio-Replication-Server-Side-Encryption-*headers that does not also carryX-Minio-Source-Replication-Request. This blocks the injection path without modifying the server. - Audit IAM policies. Limit
s3:PutObjectgrants to trusted principals. While this reduces the attack surface, it does not eliminate the vulnerability since any authorized user can exploit it.
References
- Introducing commit:
468a9fae8(PR #19107) - MinIO AIStor
AnalysisAI
Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.
Technical ContextAI
The vulnerability resides in the extractMetadataFromMime() function within cmd/handler-utils.go of MinIO's object storage server. MinIO implements S3-compatible object storage with support for server-side encryption and cross-site replication. During legitimate replication operations, MinIO uses internal headers (X-Minio-Internal-Server-Side-Encryption-*) to carry encryption metadata between clusters. The flawed code unconditionally maps user-supplied X-Minio-Replication-Server-Side-Encryption-* headers from PutObject requests to these internal encryption metadata fields without validating the presence of X-Minio-Source-Replication-Request, which distinguishes legitimate replication traffic from normal client requests. This CWE-287 (Improper Authentication) flaw means the server trusts client-provided replication headers as if they originated from an authenticated replication source. The injected bogus encryption keys cause the object's metadata to reference non-existent decryption material, making all subsequent GetObject and HeadObject operations fail permanently. The vulnerability was introduced in commit 468a9fae8 (PR #19107, March 2024) when SSE-C replication support was added, affecting the Go-based MinIO server package (pkg:go/github.com_minio_minio).
RemediationAI
Upgrade immediately to MinIO AIStor RELEASE.2026-03-26T21-24-40Z or later, which contains the complete fix for the metadata injection flaw. The patched release is available through multiple distribution channels: direct binary downloads for Linux (amd64/arm64), macOS (amd64/arm64), and Windows (amd64) from dl.min.io, FIPS-compliant binaries for regulated environments, DEB and RPM packages for Debian/Ubuntu and RHEL/CentOS systems, container images via quay.io/minio/aistor/minio:RELEASE.2026-03-26T21-24-40Z (both standard and FIPS variants), and Homebrew installation on macOS (brew install minio/aistor/minio). Community edition users must migrate to MinIO AIStor per the upgrade documentation at docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition. If immediate patching is not feasible, implement a reverse proxy or load balancer rule to reject any HTTP request containing X-Minio-Replication-Server-Side-Encryption-* headers that lacks the accompanying X-Minio-Source-Replication-Request header. Additionally, audit IAM policies to restrict s3:PutObject grants to only trusted principals, though this workaround reduces but does not eliminate risk since any authorized user remains a potential threat actor.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
GHSA-3rh2-v3gr-35p9