{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26190", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-11T19:56:24.812Z", "datePublished": "2026-02-13T18:44:33.465Z", "dateUpdated": "2026-02-26T14:44:20.414Z"}, "containers": {"cna": {"title": "Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6"}, {"name": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9", "tags": ["x_refsource_MISC"], "url": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9"}, {"name": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27", "tags": ["x_refsource_MISC"], "url": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27"}, {"name": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10"}], "affected": [{"vendor": "milvus-io", "product": "milvus", "versions": [{"version": "< 2.5.27", "status": "affected"}, {"version": ">= 2.6.0, < 2.6.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T18:44:33.465Z"}, "descriptions": [{"lang": "en", "value": "Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10."}], "source": {"advisory": "GHSA-7ppg-37fh-vcr6", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26190", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T04:56:24.717605Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:20.414Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26190", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T04:56:24.717605Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T19:37:23.724Z"}}], "cna": {"title": "Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise", "source": {"advisory": "GHSA-7ppg-37fh-vcr6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "milvus-io", "product": "milvus", "versions": [{"status": "affected", "version": "< 2.5.27"}, {"status": "affected", "version": ">= 2.6.0, < 2.6.10"}]}], "references": [{"url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6", "name": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9", "name": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27", "name": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10", "name": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T18:44:33.465Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26190", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:20.414Z", "dateReserved": "2026-02-11T19:56:24.812Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-13T18:44:33.465Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:milvus:milvus:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F8F103-3983-4099-A154-D8F4A04A1EA5", "versionEndExcluding": "2.5.27", "vulnerable": true}, {"criteria": "cpe:2.3:a:milvus:milvus:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DA261B-809B-41E7-A1AA-486B04758216", "versionEndExcluding": "2.6.10", "versionStartIncluding": "2.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10."}], "id": "CVE-2026-26190", "lastModified": "2026-02-18T19:11:12.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-13T19:17:29.253", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/milvus-io/milvus/releases/tag/v2.5.27"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/milvus-io/milvus/releases/tag/v2.6.10"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.27)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.6.0,2.6.10)"}}], "product": "milvus", "vendor": "milvus"}], "analysis": {"en": {"generated_at": "2026-04-17T19:49:14.672956+00:00", "value": {"mitigation_remediation": ["Upgrade Milvus to version 2.5.27 or later, or 2.6.10 or newer, to receive the fix that removes unauthenticated access to the metrics port.", "Restrict network access to port 9091 by configuring firewalls or networking controls so that only trusted hosts can reach the metrics endpoint.", "Disable or secure the /expr debug endpoint by setting a strong custom authentication token and ensuring etcd.rootPath is not the default value.", "Enforce authentication for the full REST API (/api/v1/*) or disable the metrics port if it is not required for monitoring."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Milvus (milvus-io:milvus) versions prior to 2.5.27 and 2.6.10 are affected. Users running these releases should verify whether their deployments expose port 9091 and whether the /expr endpoint is enabled.", "description_and_impact": "Milvus exposes port 9091 by default, and the /expr debug endpoint uses a weak, predictable authentication token derived from etcd.rootPath. This oversight allows anyone with network access to the metrics port to bypass authentication, execute arbitrary expressions, and manipulate both data and credentials through the full REST API. The vulnerability aligns with missing login checks (CWE-306) and results in remote code execution capable of compromising the entire system.", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is low but nonzero. The vulnerability is not listed in the CISA KEV catalog. Attacking requires only establishing a TCP connection to the metrics port and sending requests; no authentication is required. The simple attack path and wide exposure make this a high-risk issue for any unathenticated accessible Milvus service."}}}}, "created": "2026-02-13T21:42:56.474019+00:00", "updated": "2026-04-17T20:00:09.005804+00:00", "vendors": ["milvus", "milvus$PRODUCT$milvus"]}