What is CVE-2026-33322 — JWT Algorithm Confusion in MinIO?

CVE-2026-33322 is a critical vulnerability in MinIO where an attacker with the OIDC ClientSecret can forge identity tokens, gaining unauthorized access to S3 credentials and potentially full data control.

Am I affected by CVE-2026-33322 in MinIO?

If you are running MinIO versions prior to RELEASE.2026-03-17T21-25-16Z and use OpenID Connect authentication, you are potentially affected by this vulnerability.

How do I fix CVE-2026-33322 in MinIO?

Upgrade to MinIO version RELEASE.2026-03-17T21-25-16Z or later to remediate the vulnerability. Consider rotating the OIDC ClientSecret as a temporary mitigation.

Is CVE-2026-33322 being actively exploited?

While no confirmed exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation suggest a potential for future attacks.

Where can I find the official MinIO advisory for CVE-2026-33322?

Refer to the official MinIO security advisory for detailed information and updates regarding CVE-2026-33322: [https://docs.min.io/minio/minio-security-advisories](https://docs.min.io/minio/minio-security-advisories)

CVE-2026-33322 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2026-33322 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• linux / server:

journalctl -u minio -g 'oidc token'

• generic web:

curl -I <minio_endpoint>/ -H 'Authorization: Bearer <potentially forged token>'

• linux / server:

lsof -i :9000 | grep minio

• linux / server:

ps aux | grep minio

MinIO possui Confusão de Algoritmo JWT na Autenticação OIDC

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2026-33322 — JWT Algorithm Confusion in MinIO?

Am I affected by CVE-2026-33322 in MinIO?

How do I fix CVE-2026-33322 in MinIO?

Is CVE-2026-33322 being actively exploited?

Where can I find the official MinIO advisory for CVE-2026-33322?

Seu projeto está afetado?

Detecte esta CVE no seu projeto