Lucene search
K

16 matches found

Nuclei
Nuclei
added 2 days ago16 views

Milvus - Unauthenticated Metrics API Access

Milvus 2.5.27 and 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091. id: CVE-2026-26190 info: name: Milv...

9.8CVSS6AI score0.27661EPSS
Exploits1References3
Veracode
Veracode
added 2026/05/15 11:2 a.m.14 views

Authentication Bypass

Milvus is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of the management port 9091 and use of a weak predictable token for the /expr debug endpoint, allowing attackers to access REST API operations, execute arbitrary expressions, and perform unauthoriz...

9.8CVSS6.1AI score0.27661EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.4 views

SUSE CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.27661EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.4 views

PT-2026-20870

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.27661EPSS
Exploits1References6
OSV
OSV
added 2026/02/17 6:9 p.m.11 views

GO-2026-4481 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus

Milvus: Unauthenticated Access to Restful API on Metrics Port 9091 Leads to Critical System Compromise in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

9.8CVSS5.6AI score0.27661EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.4 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.7AI score0.27661EPSS
Exploits1References1
NVD
NVD
added 2026/02/13 7:17 p.m.9 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS0.27661EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/13 6:44 p.m.81 views

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS0.27661EPSS
Exploits1References4
OSV
OSV
added 2026/02/13 6:44 p.m.5 views

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.27661EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.8 views

milvus 访问控制错误漏洞

Milvus is a high-performance cloud-native vector database open source project by The Milvus Project. Versions of Milvus prior to 2.5.27 and 2.6.10 contained an access control vulnerability. This vulnerability stemmed from an authentication bypass in the default exposed TCP port 9091, which could...

9.8CVSS6AI score0.27661EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/11 7:49 p.m.11 views

Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Summary Milvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities: 1. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath default: by-dev, enabling arbitrary expression evaluation. 2. The full REST API...

9.8CVSS6.8AI score0.27661EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.12 views

PT-2026-8025

Name of the Vulnerable Software and Affected Versions Milvus versions prior to 2.5.27 Milvus versions prior to 2.6.10 Description Milvus, an open-source vector database for generative AI applications, is affected by an issue that allows authentication bypasses. The software exposes TCP port 9091 ...

9.9CVSS5.6AI score0.27661EPSS
Exploits45References126
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.5 views

IROAD APK 安全漏洞

The IROAD APK is a mobile application from IROAD that works with the IROAD Car Recorder. A security vulnerability exists in IROAD APK version 5.2.5, which stems from the use of hard-coded credentials on ports 9091 and 9092 in the APK, which could allow an attacker to access the API endpoint and...

6.5CVSS6.2AI score0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/18 12:0 a.m.15 views

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

0.00436EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.5 views

Forvia Hella HELLA Driving Recorder DR 820 安全漏洞

Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in the Forvia Hella HELLA Driving Recorder DR 820, which originated from a vulnerability that allows remote attackers to access and download recorded video via port 9091, and stream...

7.5CVSS7AI score0.00508EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2018/01/11 12:0 a.m.42 views

Transmission - RPC DNS Rebinding

The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc. Clients interact with the daemon using JSON RPC requests to a web server listening on port 9091. By default, the daemo...

7.4AI score
Exploits0
Rows per page
Query Builder