CNNVD-202602-2216 Information
CNNVD ID
CNNVD-202602-2216
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
milvus是The Milvus Project开源的一个高性能的云原生矢量数据库。 Milvus 2.5.27之前版本和2.6.10之前版本存在访问控制错误漏洞,该漏洞源于默认暴露的TCP端口9091存在身份验证绕过,可能导致未经验证的访问和任意表达式执行。
Description (English)
Milvus is a high-performance cloud vehicular vector database from the Milvus Project open source. There is an access control error gap in the previous version of Milvus 2.5.27 and the previous version of 2.6.10, which stems from the default exposure of TCP port 9091, which has been bypassed by authentication, which may lead to unauthorized access and arbitrary expression.
Vulnerability Type
访问控制错误
Affected Vendor
The Milvus Project
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9 https://github.com/milvus-io/milvus/releases/tag/v2.5.27 https://github.com/milvus-io/milvus/releases/tag/v2.6.10 https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6
Patch
https://github.com/milvus-io/milvus/releases
Share on: