CVE-2026-26190

EUVD-2026-5932

13.02.2026, 19:17

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
GitHub_M	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Affected Products (NVD)

Vendor	Product	Version
milvus	milvus	𝑥 < 2.5.27
milvus	milvus	2.6.0 ≤ 𝑥 < 2.6.10

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9

https://github.com/milvus-io/milvus/releases/tag/v2.5.27

https://github.com/milvus-io/milvus/releases/tag/v2.6.10

https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6