CVE-2024-2221: qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTIO
highvulnerability
security
Summary
Qdrant (a vector database software) has a vulnerability in its snapshot upload endpoint that allows attackers to upload files to any location on the server's filesystem through path traversal (using special file path sequences to access directories they shouldn't). This could let attackers execute arbitrary code on the server and damage the system's integrity and availability.
Solution / Mitigation
A patch is available at https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 25.5%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-2221
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%