CVE-2026-11466 | zilliztech deep-searcher up to 0.0.2 collection_router.py CollectionRouter.invoke kwargs access control (Issue 267)

Inserito da Angelo Barbosa | Giu 7, 2026 | CVE

A vulnerability has been found in zilliztech deep-searcher up to 0.0.2 and classified as problematic. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls.

This vulnerability is registered as CVE-2026-11466. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The pull request to fix this issue awaits acceptance.

CVE-2026-11466 | zilliztech deep-searcher up to 0.0.2 collection_router.py CollectionRouter.invoke kwargs access control (Issue 267)

Post correlati

CVE-2025-23780 | AlphaBPO Easy Code Snippets Plugin up to 1.0.2 on WordPress sql injection

CVE-2025-6752 | Linksys WRT1900ACS/EA7200/EA7450/EA7500 up to 20250619 IGD Layer3Forwarding SetDefaultConnectionService NewDefaultConnectionService stack-based overflow

CVE-2025-69271 | Broadcom DX NetOps Spectrum up to 24.3.13 on Windows insufficiently protected credentials

CVE-2023-41848 | Majeed Raza Carousel Slider Plugin up to 2.2.2 on WordPress authorization