CNNVD-202601-945 Information
CNNVD ID
CNNVD-202601-945
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
milvus是The Milvus Project开源的一个高性能的云原生矢量数据库。 milvus 2.6.7及之前版本存在代码问题漏洞,该漏洞源于对组件HTTP Endpoint的文件pkg/util/expr/expr.go中函数expr.Exec的参数code的错误操作,可能导致反序列化攻击。
Description (English)
Milvus is a high-performance cloud vehicular vector database from the Milvus Project open source. Milvus 2.6.7 and previous versions have a code problem loophole, which stems from the error of the parameter code of the medium function extpr.Exec for the HTTP Endpoint component, pkg/util/expr/expr.go, which could lead to a backserialized attack.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
The Milvus Project
Published
2026-01-05
Last Modified
2026-02-24
References
https://vuldb.com/?id.339486 https://vuldb.com/?submit.719061 https://vuldb.com/?ctiid.339486 https://github.com/milvus-io/milvus/issues/46442#issue-3743414836 https://github.com/milvus-io/milvus/issues/46442#issuecomment-3672197450 https://github.com/milvus-io/milvus/milestone/139 https://access.redhat.com/security/cve/cve-2025-15453
Patch
https://github.com/milvus-io/milvus/releases
Share on: