CVE-2025-15453
milvus HTTP Endpoint expr.go expr.Exec deserialization
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. A fix is planned for the next release 2.6.8.
| CWE | CWE-502 CWE-20 |
| Vendor | n/a |
| Product | milvus |
| Published | Jan 5, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a milvus
Be the first to know when new medium vulnerabilities affecting n/a milvus are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / milvus
2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.6.5 2.6.6 2.6.7
References
vuldb.com: https://vuldb.com/?id.339486 vuldb.com: https://vuldb.com/?ctiid.339486 vuldb.com: https://vuldb.com/?submit.719061 github.com: https://github.com/milvus-io/milvus/issues/46442 github.com: https://github.com/milvus-io/milvus/issues/46442#issuecomment-3672197450 github.com: https://github.com/milvus-io/milvus/issues/46442#issue-3743414836 github.com: https://github.com/milvus-io/milvus/milestone/139
Credits
๐ 0x1f (VulDB User)