cvebase

Milvus-Io Milvus vulnerabilities

3 known vulnerabilities affecting milvus-io/milvus.

Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1

Vulnerabilities

CVE-2026-26190 | P1 | CRITICAL | CVSS 9.8 | PoC | fixed in 2.5.27 | v >= 2.6.0, < 2.6.10 | 2026-02-13
CVE-2026-26190 [CRITICAL] CWE-306: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluat
Source: nvd
CVE-2025-64513 | P2 | CRITICAL | CVSS 9.3 | fixed in 2.4.24 | v >= 2.5.0, < 2.5.21 (+1 more) | 2025-11-10
CVE-2025-64513 [CRITICAL] CWE-287: Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability t
Source: nvd
CVE-2026-10814 | P4 | HIGH | CVSS 7.0 | v2.6.0, v2.6.1 (+12 more) | 2026-06-04
CVE-2026-10814 [HIGH] CWE-327: A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the
Source: nvd