PatchSiren cyber security CVE debrief
CVE-2026-11466 zilliztech CVE debrief
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. It affects the function CollectionRouter.invoke in the file deepsearcher/agent/collection_router.py. Manipulating the kwargs argument leads to improper access controls. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. The pull request that fixes this issue is awaiting acceptance.
- Vendor: zilliztech
- Product: deep-searcher
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-07
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-07
- Advisory updated: 2026-06-08
Who should care
Users of zilliztech deep-searcher up to 0.0.2
Technical summary
The vulnerability affects the CollectionRouter.invoke function in deepsearcher/agent/collection_router.py due to improper handling of the kwargs argument, leading to improper access controls.
Defensive priority
LOW
Recommended defensive actions
- Apply the fix once the pull request is accepted and merged.
- Restrict access to the CollectionRouter.invoke function.
- Monitor for public exploit availability and adjust defensive measures accordingly.
Evidence notes
Vendor: Unknown Vendor, Product: zilliztech deep-searcher up to 0.0.2, CVSS Score: 2.1, CVSS Severity: LOW
Official resources
CVE-2026-11466 was published on 2026-06-07T23:16:42.213Z and modified on 2026-06-08T14:57:14.757Z.