CVE-2026-26190 | milvus-io milvus up to 2.5.26/2.6.9 Full REST API /expr missing authentication (GHSA-7ppg-37fh-vcr6)

Inserito da Angelo Barbosa | Feb 13, 2026 | CVE

A vulnerability was found in milvus-io milvus up to 2.5.26/2.6.9 and classified as critical. This affects an unknown part of the file /expr of the component Full REST API. The manipulation results in missing authentication.

This vulnerability is known as CVE-2026-26190. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-26190 | milvus-io milvus up to 2.5.26/2.6.9 Full REST API /expr missing authentication (GHSA-7ppg-37fh-vcr6)

Post correlati

CVE-2023-52361 | Huawei HarmonyOS 4.0.0 VerifiedBoot Module improper authentication

CVE-2025-24490 | Mattermost up to 9.11.7/10.2.2/10.3.2/10.4.1 Boards Category sql injection

CVE-2025-13170 | code-projects Simple Online Hotel Reservation System 1.0 /admin/edit_account.php admin_id sql injection

CVE-2025-64672 | Microsoft SharePoint Server cross site scripting