Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Seaweedfs
Seaweedfs seaweedfs |
|
| Vendors & Products |
Seaweedfs
Seaweedfs seaweedfs |
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated low-privileged S3 user to enumerate administrator-owned table bucket names and ARNs. This issue is fixed in version 4.34. | |
| Title | SeaweedFS: Improper authorization in the S3Tables / Iceberg REST management API lets a low-privileged S3 user enumerate administrator-owned table buckets | |
| Weaknesses | CWE-863 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T15:33:34.018Z
Reserved: 2026-06-17T16:59:42.758Z
Link: CVE-2026-55873
Updated: 2026-07-08T15:33:31.160Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T17:15:02Z