CVE-2026-25628
Published 2026-02-06
Priority: P2 (61) · Severity: high, CVSS 3.1 base score 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.4th percentile)
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via the /logger endpoint using an attacker-controlled `on_disk.log_file` path. Only minimal privileges (read-only access) are required. This vulnerability is fixed in 1.16.0.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qdrant | qdrant | — | — |
| qdrant | qdrant | >= 1.9.3 < 1.15.6 | 1.15.6 |
| qdrant | qdrant | 1.9.3 – 1.16.0 | — |
Detection & IOCs (extracted from sources)
URL: /logger
- Monitor HTTP requests to the /logger endpoint for attacker-controlled `on_disk.log_file` path parameters, which may indicate exploitation of the arbitrary file append vulnerability in Qdrant.
- Exploitation requires only read-only (minimal) privileges; do not rely on privilege level as a filter when detecting suspicious /logger endpoint activity in Qdrant.
- Flag Qdrant instances running versions 1.9.3 up to (but not including) 1.16.0 as vulnerable to this arbitrary file append attack.
- The vulnerability is exploitable with only read-only access to Qdrant, meaning standard access controls are insufficient to prevent exploitation; network-level restrictions on the /logger endpoint are necessary.
- The attacker-controlled parameter is the `on_disk.log_file` path in the /logger endpoint; any user-supplied path value reaching this parameter should be treated as malicious.
GHSA
qdrant has arbitrary file write via `/logger` endpoint
ghsa · 2026-02-05 · CVE-2026-25628 [HIGH] · CWE-73
### Summary
It is possible to append to arbitrary files via the /logger endpoint. Minimal privileges are required (read-only access). Tested on Qdrant 1.15.5.
### Details
The `POST /logger` endpoint ([source code link](https://github.com/qdrant/qdrant/blob/48203e414e4e7f639a6d394fb6e4df695f808e51/src/actix/api/service_api.rs#L195)) accepts an attacker-controlled `on_disk.log_file` path.
There are no authorization checks (an authentication check is present, but nothing restricts which authenticated users may change the log path).
This can be exploited in the following way: if the configuration directory is writable and `config/local.yaml` does not exist, set the log path to `config/local.yaml` and send a request with a log injection payload. The `PATCH /collections` endpoint was used with an invalid collection name to in
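An added detection helper for the checks called out in the Detection & IOCs list and in the advisory details above: the affected-version range, and `POST /logger` requests whose `on_disk.log_file` points outside the expected log directory (a relative path such as `config/local.yaml`, the case the advisory describes, is flagged because it resolves against the Qdrant working directory). This is example code, not from the advisory or from Qdrant; the JSON-lines proxy-log format with `src`/`method`/`path`/`body` fields, the request-body shape `{"on_disk": {"log_file": ...}}`, and the `/var/log/qdrant` directory are assumptions.

```python
import json
from pathlib import PurePosixPath

AFFECTED_MIN, FIXED = (1, 9, 3), (1, 16, 0)  # affected range [1.9.3, 1.16.0)

def is_vulnerable_version(version: str) -> bool:
    """True if a Qdrant version string falls inside the affected range."""
    core = version.lstrip("v").split("-")[0]  # drop any pre-release suffix
    return AFFECTED_MIN <= tuple(int(x) for x in core.split(".")[:3]) < FIXED

def path_escapes(log_file: str, allowed_dir: str = "/var/log/qdrant") -> bool:
    """Flag a relative path (resolved against Qdrant's working directory, which
    is how config/local.yaml is reached), a '..' component, or a path outside allowed_dir."""
    p = PurePosixPath(log_file)
    if not p.is_absolute() or ".." in p.parts:
        return True
    try:
        p.relative_to(allowed_dir)
        return False
    except ValueError:
        return True

def suspicious_logger_requests(lines, allowed_dir: str = "/var/log/qdrant"):
    """Return (src, log_file) for POST /logger records whose on_disk.log_file
    points outside allowed_dir."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("method") != "POST" or rec.get("path") != "/logger":
            continue
        body = json.loads(rec.get("body") or "{}")
        # Assumed body shape {"on_disk": {"log_file": ...}}; the advisory only
        # names the parameter as on_disk.log_file.
        on_disk = body.get("on_disk") if isinstance(body, dict) else None
        log_file = on_disk.get("log_file") if isinstance(on_disk, dict) else None
        if isinstance(log_file, str) and path_escapes(log_file, allowed_dir):
            hits.append((rec.get("src"), log_file))
    return hits

def _rec(src, method, path, body=None):
    """One constructed request record in the assumed proxy-log format."""
    return json.dumps({"src": src, "method": method, "path": path,
                       "body": json.dumps(body) if body is not None else ""})

SAMPLE_LINES = [  # constructed sample traffic, not real captures
    _rec("10.0.0.5", "POST", "/logger", {"on_disk": {"enabled": True, "log_file": "config/local.yaml"}}),
    _rec("10.0.0.6", "POST", "/logger", {"on_disk": {"log_file": "/var/log/qdrant/qdrant.log"}}),
    _rec("10.0.0.7", "GET", "/logger"),
    _rec("10.0.0.8", "POST", "/logger", {"on_disk": {"log_file": "/var/log/qdrant/../../../tmp/x.log"}}),
]
```

Running `suspicious_logger_requests(SAMPLE_LINES)` flags the first and last records; the absolute path inside the allowed directory and the GET request are ignored.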
OSV
qdrant has arbitrary file write via `/logger` endpoint
osv · 2026-02-05 · CVE-2026-25628 [HIGH]
No detection rules found.
No public exploits indexed.
Published: 2026-02-06