Resource exhaustion in Minio

CVE-2026-39414

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer tha…

EPSS: 0.001 (18.2th percentile) — read the EPSS interpretation.

Affected products

Minio — versions >= RELEASE.2018-08-18T03-49-57Z, < RELEASE.2025-12-20T04-58-37Z

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/minio/minio/security/advisories/GHSA-h749-fxx7-pwpg (x_refsource_CONFIRM)
https://github.com/minio/minio/pull/8200 (x_refsource_MISC)
https://github.com/minio/minio/commit/7c14cdb60e53dbfdad2be644dfb180cab19fffa7 (x_refsource_MISC)
https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition (x_refsource_MISC)