CVE-2026-11466

EUVD-2026-34997
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Common Weakness Enumeration
References
https://github.com/zilliztech/deep-searcher/
https://github.com/zilliztech/deep-searcher/issues/267
https://github.com/zilliztech/deep-searcher/pull/268
https://vuldb.com/cve/CVE-2026-11466
https://vuldb.com/submit/833652
https://vuldb.com/vuln/369086
https://vuldb.com/vuln/369086/cti