CVE-2026-42882 - Vulnerability Analysis
Critical | CVSS: 9.4 | Last Updated: May 11, 2026
oxyno-zeta s3-proxy - Authentication Bypass
Overview
oxyno-zeta s3-proxy versions before 5.0.0 contain an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. It lets unauthenticated attackers remotely read, write, or delete protected S3 objects. Exploitation requires network access.
Severity & Score
Impact
Unauthenticated attackers can read, write, or delete objects in protected S3 namespaces, leading to data compromise and loss.
Mitigation
Upgrade to version 5.0.0 or later.
References
Social Media Activity (2 posts)
🚨 CVE-2026-42882 (CRITICAL): oxyno-zeta s3-proxy <5.0.0 has a path traversal bug, letting unauthenticated attackers bypass auth to access or modify protected S3 objects. Patch to v5.0.0 now! https://radar.offseq.com/threat/cve-2026-42882-cwe-22-improper-limitation-of-a-pat-5be1c7df #OffSeq #CVE202642882 #CloudSecurity #Vuln
Related Resources
Details
- CVE ID: CVE-2026-42882
- Severity: Critical
- CVSS Score: 9.4
- Type: broken_authentication
- Status: new
- EPSS: 12.4%
- Social Posts: 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L