{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26190", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-11T19:56:24.812Z", "datePublished": "2026-02-13T18:44:33.465Z", "dateUpdated": "2026-02-13T19:37:40.553Z"}, "containers": {"cna": {"title": "Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6"}, {"name": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9", "tags": ["x_refsource_MISC"], "url": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9"}, {"name": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27", "tags": ["x_refsource_MISC"], "url": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27"}, {"name": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10"}], "affected": [{"vendor": "milvus-io", "product": "milvus", "versions": [{"version": "< 2.5.27", "status": "affected"}, {"version": ">= 2.6.0, < 2.6.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T18:44:33.465Z"}, "descriptions": [{"lang": "en", "value": "Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10."}], "source": {"advisory": "GHSA-7ppg-37fh-vcr6", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T19:37:09.646996Z", "id": "CVE-2026-26190", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T19:37:40.553Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26190", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-13T19:37:09.646996Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T19:37:23.724Z"}}], "cna": {"title": "Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise", "source": {"advisory": "GHSA-7ppg-37fh-vcr6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "milvus-io", "product": "milvus", "versions": [{"status": "affected", "version": "< 2.5.27"}, {"status": "affected", "version": ">= 2.6.0, < 2.6.10"}]}], "references": [{"url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6", "name": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9", "name": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27", "name": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10", "name": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T18:44:33.465Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26190", "state": "PUBLISHED", "dateUpdated": "2026-02-13T19:37:40.553Z", "dateReserved": "2026-02-11T19:56:24.812Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-13T18:44:33.465Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10."}], "id": "CVE-2026-26190", "lastModified": "2026-02-13T21:43:11.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-13T19:17:29.253", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9"}, {"source": "security-advisories@github.com", "url": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27"}, {"source": "security-advisories@github.com", "url": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10"}, {"source": "security-advisories@github.com", "url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}