What is the CVSS score of CVE-2026-26190?

CVE-2026-26190 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of AI / ML are affected by CVE-2026-26190?

Milvus vector databases in your environment are exposed to critical authentication bypass attacks through an unpatched default configuration, potentially allowing unauthorized access to sensitive…. A patch is available.

Is there a public PoC exploit available for CVE-2026-26190?

Yes, a public proof-of-concept exploit is available for CVE-2026-26190. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2026-26190?

Within 24 hours: Identify all Milvus instances in your environment and verify which are running vulnerable versions (pre-2.5.27 or pre-2.6.10); implement immediate network-level blocking of port 9091 from untrusted sources. Within 7 days: Apply vendor patches to upgrade all Milvus deployments to 2.5.27, 2.6.10, or later. Within 30 days: Conduct a security audit of all Milvus instances to ensure port 9091 is restricted, review access logs for unauthorized connection attempts, and validate patch deployment across all infrastructure.

AI / ML CVE-2026-26190

CRITICAL

Missing Authentication for Critical Function (CWE-306)

2026-02-13 security-advisories@github.com

GHSA-7ppg-37fh-vcr6

Authentication Bypass AI / ML Milvus Suse

9.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SUSE

CRITICAL

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 18, 2026 - 19:11 vuln.today

Public exploit code

Patch released

Feb 18, 2026 - 19:11 nvd

Patch available

CVE Published

Feb 13, 2026 - 19:17 nvd

CRITICAL 9.8

DescriptionGitHub Advisory

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.

AnalysisAI

Unauthenticated API access in Milvus vector database before 2.5.27/2.6.10. TCP port 9091 exposed by default without authentication. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Connect to TCP port 9091

Exploit

Access /expr endpoint with default token

Execution

Evaluate arbitrary expressions

Impact

Manipulate database data

Access

Connect to TCP port 9091

Exploit

Access /expr endpoint with default token

Execution

Evaluate arbitrary expressions

Impact

Manipulate database data

Vulnerability AssessmentAI

Exploitation	Milvus versions prior to 2.5.27 and 2.6.10 with TCP port 9091 exposed and /expr debug endpoint enabled using default etcd.rootPath authentication token (by-dev). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.8. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker connects to exposed Milvus port 9091, accesses or modifies vector embeddings used by AI applications.
Remediation	Update Milvus. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Milvus instances in your environment and verify which are running vulnerable versions (pre-2.5.27 or pre-2.6.10); implement immediate network-level blocking of port 9091 from untrusted sources. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
openSUSE Leap 15.6	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6	Fixed
openSUSE Leap 15.5	Fixed

CVE-2026-26190 vulnerability details – vuln.today

Back

AI / ML CVE-2026-26190

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code