CVE-2026-10814

Exploit

EPSS 0.09%
Veröffentlicht 04.06.2026 15:00:19
Zuletzt bearbeitet 10.06.2026 17:32:11
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Milvus ≫ Milvus Version <= 2.6.13

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.006

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	1.1	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.5	1	3.4	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	3.5	1.5	6.4	AV:L/AC:H/Au:S/C:P/I:P/A:P

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

https://vuldb.com/vuln/368262

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/368262/cti

VDB Entry

Permissions Required

https://vuldb.com/cve/CVE-2026-10814

Third Party Advisory

VDB Entry

https://vuldb.com/submit/831645

Third Party Advisory

VDB Entry

https://github.com/milvus-io/milvus/issues/49857

Issue Tracking

https://github.com/milvus-io/milvus/pull/50060

Patch

Issue Tracking

https://github.com/milvus-io/milvus/commit/3d932f1c3e065351c4440c27abe1e6479752544d

Patch

https://github.com/milvus-io/milvus/

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-10814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-10814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-10814

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-10814