AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-10814: A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file int

mediumvulnerability

security

Source: NVD/CVE DatabaseJune 4, 2026CVE-2026-10814

Summary

A vulnerability exists in Milvus (a vector database software) versions up to 2.6.13 where the Grantee ID Hash Handler component uses weak hash (a cryptographic function that is easy to break). An attacker would need local access to the system and would face high complexity in exploiting it, though the vulnerability details have been publicly disclosed.

Solution / Mitigation

Apply the patch identified as 3d932f1c3e065351c4440c27abe1e6479752544d to fix this issue.

Vulnerability Details

CVSS Score

4.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

local

Attack Complexity

high

Privileges Required

low

User Interaction

none

Disclosure Date

June 4, 2026

Classification

Attack SophisticationAdvanced

Impact (CIA+S)

integrity

AI Component TargetedRAG

Taxonomy References

CWE (Weakness Type)

CWE-327 CWE-328

CAPEC (Attack Pattern)

CAPEC-20

Affected Vendors

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-10814

First tracked: June 5, 2026 at 02:08 AM

Classified by LLM (prompt v3) · confidence: 85%