CVE-2024-3078: A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown
mediumvulnerability
security
Summary
A critical vulnerability was discovered in Qdrant (a vector database system) versions up to 1.6.1, 1.7.4, and 1.8.2 that allows path traversal (a technique where attackers access files outside intended directories) through the Full Snapshot REST API (a web interface for creating system backups). This flaw could let attackers manipulate file paths to access unauthorized files on the system.
Solution / Mitigation
Upgrade to Qdrant version 1.8.3 or later. The specific patch is identified as 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62.
Vulnerability Details
CVSS Score
5.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
HuggingFace
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-3078
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%