CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Summary
Milvus is a vector database (a specialized storage system for AI data) used in generative AI applications. Versions before 2.5.27 and 2.6.10 exposed port 9091 by default, which allowed attackers to bypass authentication (security checks that verify who you are) in two ways: through a predictable default token on a debug endpoint, and by accessing the full REST API (the interface applications use to communicate with the database) without any password or login required. Either path could potentially let them steal or modify data.
Solution / Mitigation
Update to Milvus version 2.5.27 or 2.6.10, where this vulnerability is fixed.
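The fix shipped on two release branches, so a plain "greater than 2.5.27" comparison misjudges 2.6.x hosts. The following triage script is an added example, not code from the advisory or the Milvus project. The hostnames and inventory are constructed, and the handling of branches outside 2.5 and 2.6 is an assumption noted in the code.

```python
import re
import socket

# Fixed releases per branch, taken from the advisory text above.
FIXED = {(2, 5): (2, 5, 27), (2, 6): (2, 6, 10)}
MGMT_PORT = 9091  # port the advisory says is exposed by default

def parse_version(text):
    """Parse 'v2.5.26', '2.6.10-gpu', etc. into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognized version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version_text):
    """True if the version predates the fix for its release branch."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return v < fixed
    # Assumption: branches older than 2.5 count as affected ("prior to
    # 2.5.27"); branches newer than 2.6 are assumed to contain the fix.
    return v[:2] < min(FIXED)

def port_reachable(host, port=MGMT_PORT, timeout=2.0):
    """TCP connect check; run it from the network segment being assessed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory):
    """Return {host: version} for hosts that still need the upgrade."""
    return {h: v for h, v in inventory.items() if is_affected(v)}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "vec-a.internal.example": "v2.5.26",
    "vec-b.internal.example": "2.6.3",
    "vec-c.internal.example": "2.5.27",
    "vec-d.internal.example": "2.6.10-gpu",
    "vec-e.internal.example": "2.4.15",
}

if __name__ == "__main__":
    for host, ver in triage(SAMPLE).items():
        print(f"{host}: {ver} needs upgrade")
```

On your own hosts, `port_reachable(host)` run from an untrusted segment shows whether port 9091 is still exposed there after the upgrade.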
Vulnerability Details
9.8 (critical)
EPSS: 0.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-26190
First tracked: February 13, 2026 at 03:07 PM
Classified by LLM (prompt v3) · confidence: 95%