CVE-2026-26190
Published 2026-02-13
Priority: P1 (90) · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 27.66% (97.8th percentile)
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | milvus-io_milvus | >= 0 < 2.5.27 | 2.5.27 |
| github.com | milvus-io_milvus | >= 2.6.0 < 2.6.10 | 2.6.10 |
| milvus-io | milvus | < 2.5.27 | 2.5.27 |
| milvus-io | milvus | — | — |
| milvus | milvus | < 2.5.27 | 2.5.27 |
| milvus | milvus | >= 2.6.0 < 2.6.10 | 2.6.10 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts against the /expr debug endpoint by monitoring for HTTP GET requests to /expr with the 'auth=by-dev' parameter on port 9091.
- Monitor for unauthenticated HTTP requests to /api/v1/* on TCP port 9091, which is the metrics/management port exposing the full REST API without authentication.
- Use Shodan to identify exposed Milvus instances: search for hosts returning '404 page not found' on port 9091.
- The default authentication token 'by-dev' is derived from the etcd.rootPath configuration value. If etcd.rootPath has been changed from its default, the token will differ; the /api/v1/* REST API, however, remains unauthenticated regardless.
- Exploitation requires network access to TCP port 9091. Instances not exposed to untrusted networks have reduced risk, but the vulnerability is still present.
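The two detection bullets above (GET /expr carrying the 'auth=by-dev' parameter, and any /api/v1/* request on the management port) can be turned into a small log analyser. The block below is an added example, not code from the Milvus project or from any of the advisories on this page. It assumes a hypothetical access-log format written by a reverse proxy in front of the Milvus management port (client IP, destination port, request line, status); the sample log lines, the /api/v1/collections path and the rule names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

MANAGEMENT_PORT = 9091          # Milvus metrics/management port named in the advisory
DEFAULT_EXPR_TOKEN = "by-dev"   # default etcd.rootPath, reused as the /expr auth token

# Assumed (hypothetical) access-log format for this example:
#   <client_ip> <dst_port> "<METHOD> <PATH> HTTP/<ver>" <status>
LOG_RE = re.compile(r'^(\S+) (\d+) "(\S+) (\S+) HTTP/[\d.]+" (\d{3})$')

# Constructed sample lines: two hits on the vulnerable endpoints, one ordinary
# scrape of /metrics, one REST call on a different port, one /expr probe with a
# non-default token (covers the "etcd.rootPath was changed" caveat above).
SAMPLE_LOG = """\
10.0.0.5 9091 "GET /expr?auth=by-dev&code=placeholder HTTP/1.1" 200
10.0.0.5 9091 "GET /api/v1/collections HTTP/1.1" 200
10.0.0.7 9091 "GET /metrics HTTP/1.1" 200
10.0.0.9 8443 "POST /api/v1/collections HTTP/1.1" 200
10.0.0.8 9091 "GET /expr?auth=custom-root HTTP/1.1" 403
"""


@dataclass
class Finding:
    client: str
    rule: str
    detail: str


def analyze_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if it is benign/unparseable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, port, method, target, _status = m.groups()
    # Only traffic to the management port is in scope for this CVE.
    if int(port) != MANAGEMENT_PORT:
        return None
    parts = urlsplit(target)
    path = parts.path
    if path == "/expr":
        # Any reach of the debug endpoint is worth a look; the default token is worse.
        token = parse_qs(parts.query).get("auth", [""])[0]
        if token == DEFAULT_EXPR_TOKEN:
            return Finding(client, "milvus-expr-default-token",
                           f"{method} /expr with default auth token '{DEFAULT_EXPR_TOKEN}'")
        return Finding(client, "milvus-expr-access",
                       f"{method} /expr debug endpoint reached on port {MANAGEMENT_PORT}")
    if path.startswith("/api/v1/"):
        # The REST API on this port is served without authentication (pre-fix versions).
        return Finding(client, "milvus-rest-on-mgmt-port",
                       f"{method} {path} hit the REST API on port {MANAGEMENT_PORT}")
    return None


def analyze_log(text: str) -> List[Finding]:
    """Run analyze_line over every line of an access log and collect the findings."""
    return [f for f in (analyze_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(f"{finding.rule:28} {finding.client:12} {finding.detail}")
```

The status code is deliberately ignored: a 403 on /expr with a non-default token is still a probe against the management port, and on unpatched versions a 200 on /api/v1/* is expected rather than suspicious. A detection that fires on these paths on port 9091 from anything other than the monitoring system is the practical signal; after upgrading to 2.5.27 or 2.6.10, the same rule doubles as a check that port 9091 is no longer reachable from untrusted networks.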
OSV
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus
osv · 2026-02-17 · CVE-2026-26190
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/milvus-io/milvus before v2.5.27, from v2.6.0 before v2.6.10.
GHSA
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
ghsa · 2026-02-11 · CVE-2026-26190 · CRITICAL · CWE-1188
## Summary
Milvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities:
1. The `/expr` debug endpoint uses a weak, predictable default authentication token derived from `etcd.rootPath` (default: `by-dev`), enabling arbitrary expression evaluation.
2. The full REST API (`/api/v1/*`) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management.
## Details
### Vulnerability 1: Weak Default Authentication on `/expr` Endpoint
The `/expr` endpoint on port 9091 accepts an `auth` parameter that defaults to the `etcd.rootPath` valu
OSV
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
osv · 2026-02-11 · CVE-2026-26190 · CRITICAL
(Advisory body identical to the GHSA entry above.)
No detection rules found.
Nuclei
Milvus - Unauthenticated Metrics API Access
nuclei · CVSS 9.8 · CVE-2026-26190 · CRITICAL
Template:
```yaml
id: CVE-2026-26190
info:
  name: Milvus - Unauthenticated Metrics API Access
  author: WRG-11
  severity: critical
  description: |
    Milvus < 2.5.27 and < 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091.
  impact: |
    Attackers can bypass authentication to execute arbitrary expressions and man
```