16 matches found
Milvus - Unauthenticated Metrics API Access
Milvus 2.5.27 and 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091. id: CVE-2026-26190 info: name: Milv...
Authentication Bypass
Milvus is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of the management port 9091 and use of a weak predictable token for the /expr debug endpoint, allowing attackers to access REST API operations, execute arbitrary expressions, and perform unauthoriz...
SUSE CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
PT-2026-20870
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
GO-2026-4481 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus
Milvus: Unauthenticated Access to Restful API on Metrics Port 9091 Leads to Critical System Compromise in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
milvus 访问控制错误漏洞
Milvus is a high-performance cloud-native vector database open source project by The Milvus Project. Versions of Milvus prior to 2.5.27 and 2.6.10 contained an access control vulnerability. This vulnerability stemmed from an authentication bypass in the default exposed TCP port 9091, which could...
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Summary Milvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities: 1. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath default: by-dev, enabling arbitrary expression evaluation. 2. The full REST API...
PT-2026-8025
Name of the Vulnerable Software and Affected Versions Milvus versions prior to 2.5.27 Milvus versions prior to 2.6.10 Description Milvus, an open-source vector database for generative AI applications, is affected by an issue that allows authentication bypasses. The software exposes TCP port 9091 ...
IROAD APK 安全漏洞
The IROAD APK is a mobile application from IROAD that works with the IROAD Car Recorder. A security vulnerability exists in IROAD APK version 5.2.5, which stems from the use of hard-coded credentials on ports 9091 and 9092 in the APK, which could allow an attacker to access the API endpoint and...
CVE-2025-30137
An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...
Forvia Hella HELLA Driving Recorder DR 820 安全漏洞
Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in the Forvia Hella HELLA Driving Recorder DR 820, which originated from a vulnerability that allows remote attackers to access and download recorded video via port 9091, and stream...
Transmission - RPC DNS Rebinding
The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc. Clients interact with the daemon using JSON RPC requests to a web server listening on port 9091. By default, the daemo...