Is there a public PoC exploit available for CVE-2026-10814?

Yes, a public proof-of-concept exploit is available for CVE-2026-10814. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-10814?

Yes, a patch is available for CVE-2026-10814. Update the affected software to the latest version immediately.

Milvus CVE-2026-10814

Q: What is the CVSS score of CVE-2026-10814?

CVE-2026-10814 has a CVSS 4.0 base score of 1.1 (Low). CVSS vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-34292 LOW

Use of Weak Hash (CWE-328)

2026-06-04 VulDB

GHSA-jh6h-v6mp-h22v

Information Disclosure Milvus

1.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.1 LOW

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Jun 04, 2026 - 16:22 NVD

MEDIUM LOW

CVSS changed

Jun 04, 2026 - 16:22 NVD

4.5 (MEDIUM) 1.1 (LOW)

Source Code Evidence Fetched

Jun 04, 2026 - 16:18 vuln.today

Analysis Generated

Jun 04, 2026 - 16:18 vuln.today

DescriptionCVE.org

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue.

AnalysisAI

Weak hashing in milvus-io/milvus up to 2.6.13 exposes the Grantee ID Hash Handler in the KV metadata catalog (internal/metastore/kv/rootcoord/kv_catalog.go), allowing a low-privileged local attacker to predict or forge 16-character grantee IDs used in RBAC privilege assignments backed by etcd. Successful exploitation - rated high complexity - could result in unauthorized manipulation of access control metadata, yielding low-level confidentiality, integrity, and availability impact on the affected Milvus instance. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain low-privilege local host access

Delivery

Enumerate etcd grantee ID entries

Exploit

Identify legacy 16-character hash format

Execution

Predict or forge target high-privilege grantee ID

Persist

Overwrite KV metadata to bind attacker account to forged grantee ID

Impact

Access restricted Milvus RBAC-protected resources