zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control_CVE-2026-11466

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

Basic Information

ID CVE-2026-11466

Source VulDB

Published Jun 7, 2026 at 23:00

Affected Product

Vendor zilliztech

Product deep-searcher

Version 0.0.1

Affected Versions zilliztech deep-searcher 0.0.1
zilliztech deep-searcher 0.0.2

CWE Classification

CWE-284 CWE-266

References

{
    "lastseen": "",
    "description": "A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.",
    "published": "2026-06-07T23:00:15.431Z",
    "modified": "2026-06-07T23:00:15.431Z",
    "type": "cve",
    "title": "zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369086\nhttps://vuldb.com/vuln/369086/cti\nhttps://vuldb.com/cve/CVE-2026-11466\nhttps://vuldb.com/submit/833652\nhttps://github.com/zilliztech/deep-searcher/issues/267\nhttps://github.com/zilliztech/deep-searcher/pull/268\nhttps://github.com/zilliztech/deep-searcher/",
    "id": "CVE-2026-11466",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "zilliztech deep-searcher 0.0.1\nzilliztech deep-searcher 0.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "deep-searcher",
    "version": "0.0.1",
    "vendor": "zilliztech",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}