Vulnerability Description
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Milvus | Milvus | < 2.5.27 |
Related Weaknesses (CWE)
References
- https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e71Patch
- https://github.com/milvus-io/milvus/releases/tag/v2.5.27ProductRelease Notes
- https://github.com/milvus-io/milvus/releases/tag/v2.6.10ProductRelease Notes
- https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6ExploitMitigationVendor Advisory
FAQ
What is CVE-2026-26190?
CVE-2026-26190 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr deb...
How severe is CVE-2026-26190?
CVE-2026-26190 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-26190?
Check the references section above for vendor advisories and patch information. Affected products include: Milvus Milvus.