Unverified Commit e9d5e30a authored by Benedikt Ritter's avatar Benedikt Ritter

minio: mark package as insecure

Context: #490996
parent e02e1158
+9 −0
@@ -74,5 +74,14 @@ buildGoModule (finalAttrs: {
    ];
    license = lib.licenses.agpl3Plus;
    mainProgram = "minio";
    knownVulnerabilities = [
      "CVE-2026-40344: MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads"
      "CVE-2026-41145: Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads"
      "CVE-2026-33322: JWT Algorithm Confusion in OIDC Authentication"
      "CVE-2026-33419: LDAP login brute-force via user enumeration and missing rate limit"
      "CVE-2026-34204: SSE Metadata Injection via Replication Headers"
      "CVE-2026-39414: DoS via Unbounded Memory Allocation in S3 Select CSV Parsing"
      "minio has been abandoned by upstream and security issues won't be fixed. Users should migrate to alternatives such as Garage, SeaweedFS, or Ceph. S3-compatible clients such as rclone can be used to move data."
    ];
  };
})
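Review bot: The abandonment entry on the last line of `knownVulnerabilities` is the only text a user sees when evaluation refuses this package, yet the tracking reference (`#490996`) lives solely in the commit message, so an affected user has nowhere to look for the discussion or migration guidance. I would append the issue reference to that string, e.g. `"... S3-compatible clients such as rclone can be used to move data. See the nixpkgs tracking issue #490996 for details."`, so the pointer survives in the evaluation warning. The CVE entries themselves are fine as bare identifiers since they are resolvable on their own. The enclosing `meta` attribute set starts outside the hunk; only its tail (closing `];`, `license`, `mainProgram`, and the new list) is visible here.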