CVE-2026-11466

Source
https://cve.org/CVERecord?id=CVE-2026-11466
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11466.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-11466
Published
2026-06-07T23:00:15.431Z
Modified
2026-07-08T07:46:35.727435566Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
Details

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11466.json",
    "cwe_ids": [
        "CWE-266",
        "CWE-284"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/zilliztech/deep-searcher

Affected ranges

Type
GIT
Repo
https://github.com/zilliztech/deep-searcher
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.0.1"
        },
        {
            "last_affected": "0.0.1"
        },
        {
            "introduced": "0.0.2"
        },
        {
            "last_affected": "0.0.2"
        }
    ]
}

Affected versions

0.*
0.0.1
0.0.2
v0.*
v0.0.1
v0.0.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11466.json"