CVE-2026-26190

PUBLISHED

Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

milvus-io · milvus
PoC available

Recommended Action

Track for updates. Assess relevance to your asset inventory and enrichment workflows.

Confidence:
Exploitation Status: PoC available
Observed in Sensors: No
Attempts (30d):
Unique Attacker IPs:
CISA KEV:
CVSS / EPSS: 9.8 Critical / EPSS 27.7%

At a Glance

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.

CVE Published: Feb 13, 2026
CVSS: 9.8 Critical
EPSS: 27.7%
Attack characteristics: Remote, Low complexity, No user interaction, Unauthenticated

Affected Versions

Vendor      Product   Version              Status
milvus-io   milvus    < 2.5.27             Affected
milvus-io   milvus    >= 2.6.0, < 2.6.10   Affected

Recommended Actions

  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.