PatchSiren cyber security CVE debrief
CVE-2026-10814 milvus-io CVE debrief
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used.
- Vendor: milvus-io
- Product: milvus
- CVSS: LOW 1.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-10
Who should care
Users of Milvus up to version 2.6.13
Technical summary
The vulnerability is caused by the use of a weak hash in the Grantee ID Hash Handler. The affected code is located in the file internal/metastore/kv/rootcoord/kv_catalog.go.
Defensive priority
Low
Recommended defensive actions
- Apply the patch with identifier 3d932f1c3e065351c4440c27abe1e6479752544d.
Evidence notes
The CVSS score for this vulnerability is 1.1, indicating a low severity.
Official resources
- CVE-2026-10814 CVE record (CVE.org)
- CVE-2026-10814 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: [email protected] - Product
- Mitigation or vendor reference: [email protected] - Patch
- Source reference: [email protected] - Issue Tracking
- Mitigation or vendor reference: [email protected] - Patch, Issue Tracking
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
Publicly disclosed