CVE-2026-54019

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

CVE-2026-54019

Open WebUI CVE-2026-54019 describes an ACL bypass in Milvus multitenancy mode. Before version 0.9.6, collection-level ACL checks exist but can be bypassed when an attacker supplies user-controlled, unknown collection names, which Milvus treats as a resource_id and interpolates into an unsafe expr...

CVE-2026-54019 Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

Milvus - Unauthenticated Metrics API Access

Milvus 2.5.27 and 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091. id: CVE-2026-26190 info: name: Milv...

Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

RAG ACL Bypass in Milvus Multitenancy Mode Summary This is a bypass of the fix for: - GHSA-h36f-rqpx-j5wx - CVE-2026-44560 - "Unauthorized File and Knowledge Base Content Access via RAG Vector Search" Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus...

PT-2026-50591

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists in the self-hosted artificial intelligence platform where collection-level Access Control List ACL checks can be bypassed when Milvus multitenancy mode is enabled. The ACL permits...

BIT-MILVUS-2026-10814 milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

CVE-2026-10814

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

CVE-2026-41705

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

CVE-2026-10814

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

EUVD-2026-34292

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

CVE-2026-10814 milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

CVE-2026-10814

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

CVE-2026-10814

Milvus up to version 2.6.13 has a local vulnerability in the Grantee ID Hash Handler (internal/metastore/kv/rootcoord/kv_catalog.go) related to using a weak hash. Exploitation is described as locally possible with high complexity; exploitability is difficult. A patch is identified as 3d932f1c3e06...

CVE-2026-10814 milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

PT-2026-46252

Name of the Vulnerable Software and Affected Versions milvus-io milvus versions prior to 2.6.14 Description An issue exists in the Grantee ID Hash Handler component within the file internal/metastore/kv/rootcoord/kv catalog.go. This flaw allows for the use of a weak hash, which can be manipulated...

milvus 安全漏洞

Milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. Versions of Milvus 2.6.13 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of weak hashing in unknown code within the Grantee ID Hash Handler component’s...

Filter Expression Injection

Spring AI is vulnerable to Filter Expression Injection. The vulnerability is due to insufficient sanitization of document IDs in MilvusVectorStoredoDeleteList, where attacker-controlled IDs are incorporated into Milvus filter expressions, allowing injection of malicious query conditions that can...

Authentication Bypass

Milvus is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of the management port 9091 and use of a weak predictable token for the /expr debug endpoint, allowing attackers to access REST API operations, execute arbitrary expressions, and perform unauthoriz...

GHSA-V632-2M87-7469 Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...