VYPR

Milvus

by Milvus Io

Source repositories

CVEs (4)

  • CVE-2025-64513CriNov 10, 2025
    risk 0.54cvss epss 0.01

    Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full…

  • CVE-2025-15453MedJan 5, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack…

  • CVE-2026-10814MedJun 4, 2026
    risk 0.22cvss 4.5epss 0.00

    A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be…

  • CVE-2026-26190Feb 13, 2026
    risk 0.00cvss epss 0.28

    Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from…