Description
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.
Published: 2026-02-13
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Milvus exposes port 9091 by default, and the /expr debug endpoint uses a weak, predictable authentication token derived from etcd.rootPath. This oversight allows anyone with network access to the metrics port to bypass authentication, execute arbitrary expressions, and manipulate both data and credentials through the full REST API. The vulnerability corresponds to CWE-306 (Missing Authentication for Critical Function) and results in remote code execution capable of compromising the entire system.

Affected Systems

Milvus (milvus-io:milvus) versions prior to 2.5.27 and 2.6.10 are affected. Users running these releases should verify whether their deployments expose port 9091 and whether the /expr endpoint is enabled.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity, while the EPSS score of less than 1% suggests that the likelihood of exploitation is low but nonzero. The vulnerability is not listed in the CISA KEV catalog. An attack requires only a TCP connection to the metrics port and the ability to send HTTP requests; no authentication is required. The simple attack path and wide default exposure make this a high-risk issue for any Milvus service whose port 9091 is reachable from untrusted networks.

Generated by OpenCVE AI on April 17, 2026 at 19:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Milvus to version 2.5.27 or later, or 2.6.10 or newer, to receive the fix that removes unauthenticated access to the metrics port.
  • Restrict network access to port 9091 by configuring firewalls or networking controls so that only trusted hosts can reach the metrics endpoint.
  • Disable or secure the /expr debug endpoint by setting a strong custom authentication token and ensuring etcd.rootPath is not the default value.
  • Enforce authentication for the full REST API (/api/v1/*) or disable the metrics port if it is not required for monitoring.

Advisories
Source: GitHub GHSA
ID: GHSA-7ppg-37fh-vcr6
Title: Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
History

Wed, 18 Feb 2026 19:15:00 +0000

Type: CPEs
Values Removed: none
Values Added: cpe:2.3:a:milvus:milvus:*:*:*:*:*:*:*:*

Sat, 14 Feb 2026 12:15:00 +0000

Type: Metrics (ssvc)
Values Removed: none
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Feb 2026 21:45:00 +0000

Type: First Time appeared
Values Removed: none
Values Added: Milvus; Milvus milvus

Type: Vendors & Products
Values Removed: none
Values Added: Milvus; Milvus milvus

Fri, 13 Feb 2026 19:15:00 +0000

Type: Description
Values Removed: none
Values Added: the description shown at the top of this page

Type: Title
Values Removed: none
Values Added: Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Type: Weaknesses
Values Removed: none
Values Added: CWE-306

Type: References
Values Removed: none
Values Added: none listed

Type: Metrics (cvssV3_1)
Values Removed: none
Values Added: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T14:44:20.414Z

Reserved: 2026-02-11T19:56:24.812Z

Link: CVE-2026-26190

Vulnrichment

Updated: 2026-02-13T19:37:23.724Z

NVD

Status: Analyzed

Published: 2026-02-13T19:17:29.253

Modified: 2026-02-18T19:11:12.333

Link: CVE-2026-26190

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T20:00:09Z

Weaknesses