cbcvebase.
CVE-2026-25628
published 2026-02-06


Priority: P2 (61)
Severity: high, CVSS 3.1 base score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.4th percentile)
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0.

Affected (3 ranges)

Vendor   Product   Version range         Fixed in
qdrant   qdrant    (not specified)
qdrant   qdrant    >= 1.9.3, < 1.15.6    1.15.6
qdrant   qdrant    1.9.3 – 1.16.0

Detection & IOCs (extracted from sources)

URL: /logger
  • Monitor HTTP requests to the /logger endpoint for attacker-controlled 'on_disk.log_file' path parameters; such requests may indicate exploitation of the arbitrary file append vulnerability in Qdrant.
  • Exploitation requires only read-only (minimal) privileges, so do not rely on the caller's privilege level as a filter when detecting suspicious /logger endpoint activity in Qdrant.
  • Flag Qdrant instances running versions 1.9.3 up to (but not including) 1.16.0 as vulnerable to this arbitrary file append attack.
  • The vulnerability is exploitable with only read-only access to Qdrant, meaning standard access controls are insufficient to prevent exploitation; network-level restrictions on the /logger endpoint are necessary.
  • The attacker-controlled parameter is the 'on_disk.log_file' path in the /logger endpoint; any user-supplied path value reaching this parameter should be treated as malicious.