CVE-2026-10814: Use of Weak Hash in milvus-io milvus
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue.
AI Analysis
Technical Summary
This vulnerability in milvus-io milvus up to version 2.6.13 involves the use of a weak hash function within the Grantee ID Hash Handler component, specifically in the internal/metastore/kv/rootcoord/kv_catalog.go file. The weakness could potentially affect the integrity or security of hashed data related to grantee IDs. Exploitation requires local access with low privileges and is rated as having high complexity, making successful attacks difficult. The vulnerability has been publicly disclosed, and a patch is available as identified by commit 3d932f1c3e065351c4440c27abe1e6479752544d. No cloud service is involved, and no known exploits are currently in the wild.
Potential Impact
The impact is limited due to the requirement for local access and high attack complexity. The use of a weak hash may affect data integrity or security related to grantee IDs but does not allow remote exploitation or privilege escalation by itself. The CVSS score of 2 reflects a low severity impact.
Mitigation Recommendations
A patch identified by commit 3d932f1c3e065351c4440c27abe1e6479752544d is recommended to remediate this vulnerability. Since the vendor advisory or official remediation level is not explicitly provided, users should apply this patch to affected versions (2.6.0 through 2.6.13) to address the weak hash usage. Patch status is not yet confirmed by an official advisory; therefore, check the vendor's resources for the latest remediation guidance.
CVE-2026-10814: Use of Weak Hash in milvus-io milvus
Description
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue.
CVSS v4.0
Score 2.0low
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in milvus-io milvus up to version 2.6.13 involves the use of a weak hash function within the Grantee ID Hash Handler component, specifically in the internal/metastore/kv/rootcoord/kv_catalog.go file. The weakness could potentially affect the integrity or security of hashed data related to grantee IDs. Exploitation requires local access with low privileges and is rated as having high complexity, making successful attacks difficult. The vulnerability has been publicly disclosed, and a patch is available as identified by commit 3d932f1c3e065351c4440c27abe1e6479752544d. No cloud service is involved, and no known exploits are currently in the wild.
Potential Impact
The impact is limited due to the requirement for local access and high attack complexity. The use of a weak hash may affect data integrity or security related to grantee IDs but does not allow remote exploitation or privilege escalation by itself. The CVSS score of 2 reflects a low severity impact.
Mitigation Recommendations
A patch identified by commit 3d932f1c3e065351c4440c27abe1e6479752544d is recommended to remediate this vulnerability. Since the vendor advisory or official remediation level is not explicitly provided, users should apply this patch to affected versions (2.6.0 through 2.6.13) to address the weak hash usage. Patch status is not yet confirmed by an official advisory; therefore, check the vendor's resources for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-04T05:41:43.203Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a219e6ae29bf47b50b44746
Added to database: 6/4/2026, 3:48:58 PM
Last enriched: 6/4/2026, 4:04:15 PM
Last updated: 6/5/2026, 4:58:26 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.