{"data":{"id":"5172a3b3-95ab-41e5-8409-d98cd6634129","title":"CVE-2026-25628: Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via the /logger endpoint","summary":"Qdrant (a vector similarity search engine and vector database) has a vulnerability in versions 1.9.3 through 1.15.x where an attacker with read-only access can use the /logger endpoint to append data to arbitrary files on the system by controlling the on_disk.log_file path parameter. Exploitation requires only minimal (read-only) privileges and results in unauthorized file modification.","solution":"Update to Qdrant version 1.16.0 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-25628","publishedAt":"2026-02-07T02:16:18.083Z","cveId":"CVE-2026-25628","cweIds":["CWE-73"],"cvssScore":"8.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Qdrant"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00021,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}