Go modules package
github.com/milvus-io/milvus
pkg:golang/github.com/milvus-io/milvus
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26190 | — | < 2.5.27 | 2.5.27 | Feb 13, 2026 | Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from e | ||
| CVE-2025-64513 | Cri | — | >= 0.10.4, < 2.4.24 | 2.4.24 | Nov 10, 2025 | Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative |
- CVE-2026-26190Feb 13, 2026affected < 2.5.27fixed 2.5.27
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from e
- affected >= 0.10.4, < 2.4.24fixed 2.4.24
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative