CVE-2026-10814
Published: Thu, 04 Jun 2026 16:16
Summary
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Hand
Details
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue.
Are YOU affected by CVE-2026-10814?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-10814 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
References
- https://github.com/milvus-io/milvus/
- https://github.com/milvus-io/milvus/commit/3d932f1c3e065351c4440c27abe1e6479752544d
- https://github.com/milvus-io/milvus/issues/49857
- https://github.com/milvus-io/milvus/pull/50060
- https://vuldb.com/cve/CVE-2026-10814
- https://vuldb.com/submit/831645
- https://vuldb.com/vuln/368262
- https://vuldb.com/vuln/368262/cti
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.