crates.io package
qdrant
pkg:cargo/qdrant
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25628 | — | >= 1.9.3, < 1.15.6 | 1.15.6 | Feb 6, 2026 | Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerabilit | ||
| CVE-2024-3584 | — | >= 1.9.0-dev, < 1.9.0 | 1.9.0 | May 30, 2024 | qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system |
- CVE-2026-25628Feb 6, 2026affected >= 1.9.3, < 1.15.6fixed 1.15.6
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerabilit
- CVE-2024-3584May 30, 2024affected >= 1.9.0-dev, < 1.9.0fixed 1.9.0
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system