DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-7PPG-37FH-VCR6: Vector Injection? No, Just Regular Injection: Milvus Critical Auth Bypass


Vulnerability ID: GHSA-7PPG-37FH-VCR6
CVSS Score: 9.8
Published: 2026-02-11

In the gold rush of the AI revolution, vector databases like Milvus have become the vaults where companies store their most precious semantic data. But while everyone was worried about prompt injection or model poisoning, Milvus accidentally left the back door wide open. A critical vulnerability in the metrics and management interface (port 9091) exposes the entire administrative REST API without authentication. Worse, a debug endpoint allows arbitrary Go expression evaluation with a hardcoded default token. This isn't just a data leak; it's a full system compromise waiting to happen.

TL;DR

Milvus exposes its administrative REST API and a debug console on port 9091 by default. Due to missing middleware, requests to this port bypass all authentication. Attackers can create admin users, dump credentials, or execute arbitrary code using the default by-dev token.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-306 (Missing Authentication for Critical Function)
  • CVSS Score: 9.8 (Critical)
  • Attack Vector: Network (Port 9091)
  • Secondary Weakness: CWE-1188 (Insecure Default Initialization of Resource)
  • Exploit Status: PoC Available / High Reliability
  • Default Token: auth=by-dev

Affected Systems

  • Milvus Vector Database
  • Milvus: < 2.5.27 (Fixed in: 2.5.27)
  • Milvus: >= 2.6.0, < 2.6.10 (Fixed in: 2.6.10)

Code Analysis

Commit: Not Pro

Fix commits were applied in releases 2.5.27 and 2.6.10, removing the router registration for the affected endpoints on the metrics port.

Exploit Details

  • Manual: Requests to port 9091 with 'auth=by-dev' query parameter.

Mitigation Strategies

  • Network Segmentation
  • Software Upgrade
  • Configuration Hardening

Remediation Steps:

  1. Upgrade Milvus to version 2.5.27 or 2.6.10.
  2. Restrict access to TCP port 9091 (metrics) to localhost or internal monitoring subnets only.
  3. Change the default 'etcd.rootPath' configuration value from 'by-dev' to a secure string.
  4. Verify that the '/expr' endpoint returns 404 on the metrics port after patching.
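The following script is an added example for steps 1 and 4 (not code from the advisory or from the Milvus project); it assumes the debug route is served at /expr on the metrics port over plain HTTP, that the operator supplies the base URL and the running version, and it sends no query parameters and evaluates nothing:

```python
"""Post-patch check for GHSA-7PPG-37FH-VCR6 on the Milvus metrics port.
Added example, not from the advisory or the Milvus project; assumes the debug
route is /expr on port 9091 over plain HTTP and that the operator supplies the
base URL and running version. The probe sends no parameters and evaluates nothing."""
import sys
import urllib.error
import urllib.request

# Affected ranges as published: < 2.5.27, and >= 2.6.0 but < 2.6.10.
FIXED_25 = (2, 5, 27)
FIXED_26 = (2, 6, 10)

def parse_version(text):
    """'v2.6.9' or '2.6.9-rc1' -> (2, 6, 9); ValueError on anything else."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts

def is_affected_version(text):
    """True when the version lies inside either published affected range."""
    v = parse_version(text)
    if v < FIXED_25:                    # covers 2.4.x and older as well
        return True
    return (2, 6, 0) <= v < FIXED_26    # 2.5.27..2.5.x and 2.6.10+ are outside

def classify_expr_status(status):
    """Verdict for GET /expr from its HTTP status (None = no connection)."""
    if status is None:
        return "unreachable"   # port closed or filtered: also acceptable
    if status == 404:
        return "patched"       # the fix removes the route registration
    return "route present"     # anything else: a handler still answers here

def probe_expr_endpoint(base_url, timeout=5.0):
    """HTTP status of GET <base_url>/expr, or None when unreachable."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/expr")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code        # 404 is the expected answer after patching
    except (urllib.error.URLError, OSError):
        return None

if __name__ == "__main__":
    # usage: python check_milvus_9091.py http://127.0.0.1:9091 2.6.9
    url, version = sys.argv[1], sys.argv[2]
    print("version:", "AFFECTED" if is_affected_version(version) else "fixed range")
    print("GET /expr:", classify_expr_status(probe_expr_endpoint(url)))
```

A "route present" verdict behind a reverse proxy may be the proxy answering rather than Milvus, so confirm against the service directly from the monitoring subnet that step 2 allows.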

References

Read the full report for GHSA-7PPG-37FH-VCR6 on our website for more details including interactive diagrams and full exploit analysis.
