CVE-2026-10814
milvus-io milvus Grantee ID Hash kv_catalog.go weak hash
CVSS Score
4.5
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue.
| CWE | CWE-328 CWE-327 |
| Vendor | milvus-io |
| Product | milvus |
| Published | Jun 4, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for milvus-io milvus
Be the first to know when new medium vulnerabilities affecting milvus-io milvus are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
milvus-io / milvus
2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.6.5 2.6.6 2.6.7 2.6.8 2.6.9 2.6.10 2.6.11 2.6.12 2.6.13
References
vuldb.com: https://vuldb.com/vuln/368262 vuldb.com: https://vuldb.com/vuln/368262/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10814 vuldb.com: https://vuldb.com/submit/831645 github.com: https://github.com/milvus-io/milvus/issues/49857 github.com: https://github.com/milvus-io/milvus/pull/50060 github.com: https://github.com/milvus-io/milvus/commit/3d932f1c3e065351c4440c27abe1e6479752544d github.com: https://github.com/milvus-io/milvus/
Credits
๐ Dem00 (VulDB User)