CNNVD-202602-922 Information
CNNVD ID
CNNVD-202602-922
Related CVE
-
CNNVD Published
2026-02-06
Description
Qdrant is an open-source vector similarity search engine and vector database from Qdrant. Qdrant versions from 1.9.3 up to, but not including, 1.16.0 contain a security vulnerability: the /logger endpoint allows content to be appended to arbitrary files through an attacker-controlled on_disk.log_file path, which can lead to arbitrary file write.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Qdrant
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/qdrant/qdrant/blob/48203e414e4e7f639a6d394fb6e4df695f808e51/src/actix/api/service_api.rs#L195
https://github.com/qdrant/qdrant/commit/32b7fdfb7f542624ecd1f7c8d3e2b13c4e36a2c1
https://github.com/qdrant/qdrant/security/advisories/GHSA-f632-vm87-2m2f
https://access.redhat.com/security/cve/cve-2026-25628
Patch
https://github.com/qdrant/qdrant/releases