GHSA-XH8F-G2QW-GCM7

Vulnerability from github – Published: 2026-05-05 20:05 – Updated: 2026-05-13 14:20
Summary
MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
Details

Impact

What kind of vulnerability is it? Who is impacted?

A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the MinIO process UID.

Distributed-erasure (multi-node) MinIO deployments are impacted. Single-node standalone deployments do not register the route and are not affected. The attack requires an HS512 JWT signed with MINIO_ROOT_PASSWORD and carrying accessKey = MINIO_ROOT_USER — the same secret every peer in the cluster holds to authenticate internode traffic, so a compromised peer or any actor in possession of the root credential can mint one.

The ReadMultiple handler (cmd/storage-rest-server.go) decodes a msgpack ReadMultipleReq body containing Bucket, Prefix, and Files fields and forwards them to xlStorage.ReadMultiple (cmd/xl-storage.go) without validation:

volumeDir := pathJoin(s.drivePath, req.Bucket)          // traversal resolves here
for _, f := range req.Files {
    fullPath := pathJoin(volumeDir, req.Prefix, f)
    data, mt, err = s.readAllDataWithDMTime(ctx, req.Bucket, volumeDir, fullPath)
}

pathJoin calls path.Clean, which resolves .. components and produces an absolute path anywhere on the filesystem — it is not a root jail. The global setRequestValidityMiddleware rejects .. in r.URL.Path and r.Form but does not inspect request bodies, so msgpack-encoded traversal bypasses it. Sibling storage methods (StatInfoFile, ReadFileHandler, ReadVersion) validate their volume argument through s.getVolDir(volume), which rejects ..; ReadMultiple skips this call.
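The point that join-and-clean is not a root jail is easy to see in code. The following Go program is an added illustration, not MinIO's code: it reimplements the concatenate-then-path.Clean behaviour described above, shows how a caller-controlled Bucket walks out of the drive root, and places next to it a hardened resolver that both rejects ".." segments (the check the advisory attributes to getVolDir) and verifies that the cleaned result still lies under the drive root. The request struct, its field values and the drive path are constructed for the example; the real request arrives msgpack-encoded.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// pathJoin mirrors the behaviour the advisory describes: concatenate the
// components and run path.Clean. Clean folds ".." lexically, so the result
// can leave the first argument. Illustrative reimplementation, not MinIO's.
func pathJoin(elem ...string) string {
	return path.Clean(strings.Join(elem, "/"))
}

// readMultipleReq carries the three caller-controlled fields named in the
// advisory. Constructed as a plain struct for this example.
type readMultipleReq struct {
	Bucket string
	Prefix string
	Files  []string
}

// vulnerableResolve reproduces the unchecked resolution from the advisory's
// snippet: Bucket is joined straight onto the drive path.
func vulnerableResolve(drivePath string, req readMultipleReq) []string {
	volumeDir := pathJoin(drivePath, req.Bucket) // traversal resolves here
	out := make([]string, 0, len(req.Files))
	for _, f := range req.Files {
		out = append(out, pathJoin(volumeDir, req.Prefix, f))
	}
	return out
}

var errTraversal = errors.New("path component escapes drive root")

// hasDotDot reports whether any "/"-separated segment of s is "..".
// Approximates the syntactic rejection the advisory attributes to getVolDir.
func hasDotDot(s string) bool {
	for _, seg := range strings.Split(s, "/") {
		if seg == ".." {
			return true
		}
	}
	return false
}

// safeJoin resolves caller-controlled components under root and refuses any
// result that does not stay inside root. Two checks are applied: a syntactic
// ".." rejection on every component, and a containment check on the cleaned
// result, so that a future change to how components are joined cannot
// silently reopen the hole.
func safeJoin(root string, elems ...string) (string, error) {
	for _, e := range elems {
		if hasDotDot(e) {
			return "", errTraversal
		}
	}
	full := pathJoin(append([]string{root}, elems...)...)
	cleanRoot := path.Clean(root)
	prefix := cleanRoot + "/"
	if cleanRoot == "/" {
		prefix = "/"
	}
	if full != cleanRoot && !strings.HasPrefix(full, prefix) {
		return "", errTraversal
	}
	return full, nil
}

// hardenedResolve is vulnerableResolve with safeJoin at both join points.
func hardenedResolve(drivePath string, req readMultipleReq) ([]string, error) {
	volumeDir, err := safeJoin(drivePath, req.Bucket)
	if err != nil {
		return nil, err
	}
	out := make([]string, 0, len(req.Files))
	for _, f := range req.Files {
		p, err := safeJoin(volumeDir, req.Prefix, f)
		if err != nil {
			return nil, err
		}
		out = append(out, p)
	}
	return out, nil
}

func main() {
	drive := "/data/drive1" // assumed drive root for the example
	// Constructed request: Bucket climbs three levels above the drive root.
	evil := readMultipleReq{Bucket: "../../../etc", Files: []string{"passwd"}}
	benign := readMultipleReq{Bucket: "photos", Prefix: "2024", Files: []string{"a.jpg"}}

	fmt.Println("vulnerable:", vulnerableResolve(drive, evil)) // [/etc/passwd]
	if _, err := hardenedResolve(drive, evil); err != nil {
		fmt.Println("hardened:", err)
	}
	paths, _ := hardenedResolve(drive, benign)
	fmt.Println("hardened, benign request:", paths)
}
```

Run with `go run .`; the vulnerable resolver yields /etc/passwd for the constructed request, while the hardened one rejects it and still resolves a normal bucket/prefix/file triple correctly. Both checks in safeJoin matter: the ".." test alone catches the pattern the advisory describes, and the containment test guards against any join path that reaches the filesystem without going through it.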

The attacker sends POST /minio/storage/{drivePath}/v63/rmpl with a msgpack-encoded body carrying ../ sequences in the Bucket field. The server opens the resulting path via os.OpenFile with O_RDONLY|O_NOATIME and returns its contents in the msgpack response stream.

Impact by deployment:

  • Bare-metal with User=minio in the systemd unit — the O_NOATIME ownership check bounds the read to files owned by the MinIO UID (open(2) fails with EPERM when O_NOATIME is requested by a caller that neither owns the file nor holds CAP_FOWNER). Reachable secrets include TLS private keys, KMS/KES key material, systemd credentials, and data belonging to other tenants sharing the same UID on the host. Secrets leaked this way persist across cluster credential rotation.

  • Containerized running as UID 0 (the historical default for the official Docker image, docker-compose examples, and Helm charts without securityContext.runAsNonRoot) — the primitive escalates to arbitrary host-filesystem disclosure: /etc/shadow, /root/**, Kubernetes service-account tokens, cloud-init metadata caches.

Affected components: cmd/storage-rest-server.go (ReadMultiple handler), cmd/xl-storage.go (xlStorage.ReadMultiple).

CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory — 'Path Traversal')

CVSS v4.0 Score: 6.9 (Medium)

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Versions

All MinIO releases from RELEASE.2022-07-24T01-54-52Z through the final release of the minio/minio open-source project, RELEASE.2025-09-07T16-13-09Z.

The vulnerability was introduced in commit f939d1c18 ("Independent Multipart Uploads", PR #15346), which added the ReadMultiple storage-REST endpoint as part of the multipart upload redesign. The first affected release is RELEASE.2022-07-24T01-54-52Z.

Patches

Fixed in: MinIO AIStor RELEASE.2026-04-14T21-32-45Z (recommended upgrade target). The fix — which removed the ReadMultiple handler, the corresponding storage-driver method, the msgpack datatypes, the REST-client wrapper, and the route registration — first shipped in MinIO AIStor RELEASE.2024-10-23T19-38-07Z. Every AIStor release from RELEASE.2024-10-23T19-38-07Z onward is unaffected; users should upgrade to RELEASE.2026-04-14T21-32-45Z or later to pick up the accumulated fixes and improvements shipped since.

Binary Downloads

Platform  Architecture  Download
Linux     amd64         minio      https://dl.min.io/aistor/minio/release/linux-amd64/minio
Linux     arm64         minio      https://dl.min.io/aistor/minio/release/linux-arm64/minio
macOS     arm64         minio      https://dl.min.io/aistor/minio/release/darwin-arm64/minio
macOS     amd64         minio      https://dl.min.io/aistor/minio/release/darwin-amd64/minio
Windows   amd64         minio.exe  https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe

FIPS Binaries

Platform  Architecture  Download
Linux     amd64         minio.fips  https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips
Linux     arm64         minio.fips  https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips

Package Downloads

Format  Architecture  Download
DEB     amd64         minio_20260414213245.0.0_amd64.deb       https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260414213245.0.0_amd64.deb
DEB     arm64         minio_20260414213245.0.0_arm64.deb       https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260414213245.0.0_arm64.deb
RPM     amd64         minio-20260414213245.0.0-1.x86_64.rpm    https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260414213245.0.0-1.x86_64.rpm
RPM     arm64         minio-20260414213245.0.0-1.aarch64.rpm   https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260414213245.0.0-1.aarch64.rpm

Container Images

# Standard
docker pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z
podman pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z

# FIPS
docker pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z.fips
podman pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z.fips

Homebrew (macOS)

brew install minio/aistor/minio

Workarounds

  • Users of the open-source minio/minio project should upgrade to MinIO AIStor RELEASE.2026-04-14T21-32-45Z or later (upgrade guide: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition/).

If upgrading is not immediately possible:

  • Rotate the root credential and restrict who holds it. The exploit requires a JWT signed with MINIO_ROOT_PASSWORD. Treat the root credential as the host-filesystem disclosure primitive that it is: rotate it after any suspected exposure, store it only in the secret manager that bootstraps the cluster, and do not hand it to applications or operators who only need object-level access.

  • Do not run the MinIO container as UID 0. Set securityContext.runAsNonRoot: true (and a non-zero runAsUser) in Kubernetes manifests, or add --user to docker run. This reduces the blast radius from arbitrary host-filesystem disclosure to MinIO-UID-owned files only.

  • Restrict the internode storage-REST port at the network layer. In distributed deployments, the storage-REST route is served on the same port as the S3 API by default. Where feasible, use --internode-port to expose internode traffic on a separate interface reachable only from other cluster peers, and block that interface from client networks.

Credits

  • Finders: Discovered by Claude, Anthropic's AI assistant, and triaged by Adrian Denkiewicz at Doyensec in collaboration with Anthropic Research.

Resources

  • Introducing commit: f939d1c18 (https://github.com/minio/minio/commit/f939d1c1831c71f4b1c14df6d9cd62b12ccce7a3), PR #15346 (https://github.com/minio/minio/pull/15346)
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory (https://cwe.mitre.org/data/definitions/22.html)
  • CVE-2022-35919: MinIO admin-authenticated path traversal in the server-update endpoint, same class, different channel (https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvg)
  • MinIO AIStor (https://min.io/aistor)
  • GitHub advisory: https://github.com/minio/minio/security/advisories/GHSA-xh8f-g2qw-gcm7
  • NVD entry for CVE-2026-42600: https://nvd.nist.gov/vuln/detail/CVE-2026-42600

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/minio/minio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-20220724015452"
            },
            {
              "fixed": "0.0.0-20260414213245"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T20:05:05Z",
    "nvd_published_at": "2026-05-11T22:22:11Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n_What kind of vulnerability is it? Who is impacted?_\n\nA path traversal vulnerability in MinIO\u0027s `ReadMultiple` internode storage-REST\nendpoint allows a caller holding the cluster root JWT to read files from\noutside the configured drive roots, bounded only by the MinIO process UID.\n\nDistributed-erasure (multi-node) MinIO deployments are impacted. Single-node\nstandalone deployments do not register the route and are not affected. The\nattack requires an HS512 JWT signed with `MINIO_ROOT_PASSWORD` and carrying\n`accessKey = MINIO_ROOT_USER` \u2014 the same secret every peer in the cluster\nholds to authenticate internode traffic, so a compromised peer or any actor in\npossession of the root credential can mint one.\n\nThe `ReadMultiple` handler (`cmd/storage-rest-server.go`) decodes a msgpack\n`ReadMultipleReq` body containing `Bucket`, `Prefix`, and `Files` fields and\nforwards them to `xlStorage.ReadMultiple` (`cmd/xl-storage.go`) without\nvalidation:\n\n```go\nvolumeDir := pathJoin(s.drivePath, req.Bucket)          // traversal resolves here\nfor _, f := range req.Files {\n    fullPath := pathJoin(volumeDir, req.Prefix, f)\n    data, mt, err = s.readAllDataWithDMTime(ctx, req.Bucket, volumeDir, fullPath)\n}\n```\n\n`pathJoin` calls `path.Clean`, which resolves `..` components and produces an\nabsolute path anywhere on the filesystem \u2014 it is not a root jail. The global\n`setRequestValidityMiddleware` rejects `..` in `r.URL.Path` and `r.Form` but\ndoes not inspect request bodies, so msgpack-encoded traversal bypasses it.\nSibling storage methods (`StatInfoFile`, `ReadFileHandler`, `ReadVersion`)\nvalidate their volume argument through `s.getVolDir(volume)`, which rejects\n`..`; `ReadMultiple` skips this call.\n\nThe attacker sends `POST /minio/storage/{drivePath}/v63/rmpl` with a\nmsgpack-encoded body carrying `../` sequences in the `Bucket` field. 
The\nserver opens the resulting path via `os.OpenFile` with `O_RDONLY|O_NOATIME`\nand returns its contents in the msgpack response stream.\n\n**Impact by deployment:**\n\n- **Bare-metal with `User=minio` in the systemd unit** \u2014 the `O_NOATIME`\n  ownership check bounds the read to files owned by the MinIO UID. Reachable\n  secrets include TLS private keys, KMS/KES key material, systemd credentials,\n  and data belonging to other tenants sharing the same UID on the host.\n  Secrets leaked this way persist across cluster credential rotation.\n\n- **Containerized running as UID 0** (the historical default for the official\n  Docker image, `docker-compose` examples, and Helm charts without\n  `securityContext.runAsNonRoot`) \u2014 the primitive escalates to arbitrary\n  host-filesystem disclosure: `/etc/shadow`, `/root/**`, Kubernetes\n  service-account tokens, cloud-init metadata caches.\n\n**Affected components:** `cmd/storage-rest-server.go` (`ReadMultiple` handler),\n`cmd/xl-storage.go` (`xlStorage.ReadMultiple`).\n\n**CWE:** CWE-22 (Improper Limitation of a Pathname to a Restricted Directory\n\u2014 \u0027Path Traversal\u0027)\n\n**CVSS v4.0 Score:** 6.9 (Medium)\n\n**Vector:** `CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N`\n\n### Affected Versions\n\nAll MinIO releases from `RELEASE.2022-07-24T01-54-52Z` through the final\nrelease of the minio/minio open-source project, `RELEASE.2025-09-07T16-13-09Z`.\n\nThe vulnerability was introduced in commit\n[`f939d1c18`](https://github.com/minio/minio/commit/f939d1c1831c71f4b1c14df6d9cd62b12ccce7a3)\n(\"Independent Multipart Uploads\",\n[PR #15346](https://github.com/minio/minio/pull/15346)), which added the\n`ReadMultiple` storage-REST endpoint as part of the multipart upload\nredesign. The first affected release is `RELEASE.2022-07-24T01-54-52Z`.\n\n### Patches\n\n**Fixed in**: MinIO AIStor `RELEASE.2026-04-14T21-32-45Z` (recommended\nupgrade target). 
The fix \u2014 which removed the `ReadMultiple` handler, the\ncorresponding storage-driver method, the msgpack datatypes, the REST-client\nwrapper, and the route registration \u2014 first shipped in **MinIO AIStor\n`RELEASE.2024-10-23T19-38-07Z`**. Every AIStor release from\n`RELEASE.2024-10-23T19-38-07Z` onward is unaffected; users should upgrade to\n`RELEASE.2026-04-14T21-32-45Z` or later to pick up the accumulated fixes and\nimprovements shipped since.\n\n#### Binary Downloads\n\n| Platform | Architecture | Download                                                                    |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux    | amd64        | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio)           |\n| Linux    | arm64        | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio)           |\n| macOS    | arm64        | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio)          |\n| macOS    | amd64        | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio)          |\n| Windows  | amd64        | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe) |\n\n#### FIPS Binaries\n\n| Platform | Architecture | Download                                                                    |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux    | amd64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips) |\n| Linux    | arm64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips) |\n\n#### Package Downloads\n\n| Format | Architecture | Download                                                                                                                            |\n| ------ | ------------ | 
----------------------------------------------------------------------------------------------------------------------------------- |\n| DEB    | amd64        | [minio_20260414213245.0.0_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260414213245.0.0_amd64.deb)         |\n| DEB    | arm64        | [minio_20260414213245.0.0_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260414213245.0.0_arm64.deb)         |\n| RPM    | amd64        | [minio-20260414213245.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260414213245.0.0-1.x86_64.rpm)   |\n| RPM    | arm64        | [minio-20260414213245.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260414213245.0.0-1.aarch64.rpm) |\n\n#### Container Images\n\n```bash\n# Standard\ndocker pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z\npodman pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z\n\n# FIPS\ndocker pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z.fips\npodman pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z.fips\n```\n\n#### Homebrew (macOS)\n\n```bash\nbrew install minio/aistor/minio\n```\n\n### Workarounds\n\n- [Users of the open-source `minio/minio` project should upgrade to MinIO AIStor `RELEASE.2026-04-14T21-32-45Z` or later.](https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition/)\n\nIf upgrading is not immediately possible:\n\n- **Rotate the root credential and restrict who holds it.** The exploit\n  requires a JWT signed with `MINIO_ROOT_PASSWORD`. 
Treat the root credential\n  as the host-filesystem disclosure primitive that it is: rotate it after any\n  suspected exposure, store it only in the secret manager that bootstraps the\n  cluster, and do not hand it to applications or operators who only need\n  object-level access.\n\n- **Do not run the MinIO container as UID 0.** Set\n  `securityContext.runAsNonRoot: true` (and a non-zero `runAsUser`) in\n  Kubernetes manifests, or add `--user` to `docker run`. This reduces the\n  blast radius from arbitrary host-filesystem disclosure to MinIO-UID-owned\n  files only.\n\n- **Restrict the internode storage-REST port at the network layer.** In\n  distributed deployments, the storage-REST route is served on the same port\n  as the S3 API by default. Where feasible, use `--internode-port` to expose\n  internode traffic on a separate interface reachable only from other cluster\n  peers, and block that interface from client networks.\n\n### Credits\n\n- **Finders:** Discovered by Claude, Anthropic\u0027s AI assistant, and triaged by\n  **Adrian Denkiewicz** at **Doyensec** in collaboration with **Anthropic\n  Research**.\n\n### Resources\n\n- Introducing commit: [`f939d1c18`](https://github.com/minio/minio/commit/f939d1c1831c71f4b1c14df6d9cd62b12ccce7a3)\n  ([PR #15346](https://github.com/minio/minio/pull/15346))\n- [CWE-22 \u2014 Improper Limitation of a Pathname to a Restricted Directory](https://cwe.mitre.org/data/definitions/22.html)\n- [CVE-2022-35919 \u2014 MinIO admin-authenticated path traversal in server-update endpoint (same class, different channel)](https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvg)\n- [MinIO AIStor](https://min.io/aistor)",
  "id": "GHSA-xh8f-g2qw-gcm7",
  "modified": "2026-05-13T14:20:03Z",
  "published": "2026-05-05T20:05:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/minio/minio/security/advisories/GHSA-xh8f-g2qw-gcm7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42600"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/minio/minio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint"
}

