CVE-2026-11466
zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
CVSS Score: 5.4
EPSS Score: 0.0%
EPSS Percentile: 13th
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. It affects the function CollectionRouter.invoke in the file deepsearcher/agent/collection_router.py. Manipulation of the argument kwargs leads to improper access controls. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
| CWE | CWE-284, CWE-266 |
| Vendor | zilliztech |
| Product | deep-searcher |
| Published | Jun 7, 2026 |
| Last Updated | Jun 8, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:X/RC:R
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | None |
| Availability | Low |
Affected Versions
zilliztech / deep-searcher
0.0.1, 0.0.2
References
vuldb.com: https://vuldb.com/vuln/369086
vuldb.com: https://vuldb.com/vuln/369086/cti
vuldb.com: https://vuldb.com/cve/CVE-2026-11466
vuldb.com: https://vuldb.com/submit/833652
github.com: https://github.com/zilliztech/deep-searcher/issues/267
github.com: https://github.com/zilliztech/deep-searcher/pull/268
github.com: https://github.com/zilliztech/deep-searcher/
Credits
Dem000 (VulDB User)
VulDB CNA Team