
CVE-2026-26190: CWE-306: Missing Authentication for Critical Function in milvus-io milvus

Critical
Vulnerability · CVE-2026-26190 · CWE-306
Published: Fri Feb 13 2026 (02/13/2026, 18:44:33 UTC)
Source: CVE Database V5
Vendor/Project: milvus-io
Product: milvus

Description

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.

AI-Powered Analysis

AI analysis last updated: 02/13/2026, 19:33:56 UTC

Technical Analysis

CVE-2026-26190 is a missing-authentication weakness (CWE-306) in Milvus, an open-source vector database widely used in generative AI workloads. It affects Milvus 2.5.x before 2.5.27 and 2.6.x before 2.6.10. Affected builds listen on TCP port 9091 by default. That port is the metrics and management port, the one Prometheus scrapes, so it is routinely left reachable across a cluster network, and on affected builds it carries two things it should not.

First, the /expr debug endpoint, which evaluates arbitrary expressions, is guarded only by a weak, predictable default token derived from the etcd.rootPath setting (default value by-dev). Anyone who knows the default, or the deployment's rootPath, can derive the token, so the check offers no real protection.

Second, the full REST API (/api/v1/*) is registered on the same port with no authentication at all. Whatever username/password authentication is enabled for the client-facing API does not apply here: an unauthenticated client on port 9091 can perform every business operation the REST API exposes, including data manipulation and credential management. Because credential management is included, an attacker can in practice also create or change the credentials used on the authenticated client interface.

Together these give full compromise of the confidentiality, integrity and availability of the Milvus instance and its data. The vulnerability is rated critical, CVSS v3.1 9.8: network reachable, no privileges, no user interaction, high impact in all three categories. No exploitation in the wild had been reported at the time of writing, but the endpoints are trivial to find and use, so exposed instances should be treated as a priority. The fix is in 2.5.27 and 2.6.10; the advisory does not describe the change beyond that, so verify the behaviour on your own upgraded deployment rather than assuming which endpoints were removed or gated.
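
As an added example (not Milvus project code), the following script audits a management port for the two pre-fix conditions described above: /api/v1/* answering with no credentials, and /expr accepting the default token. It assumes the REST v1 route GET /api/v1/collections exists on the port, that /expr reads its token from a query parameter named auth, and that the default token is the etcd.rootPath value itself; none of that is stated by the advisory, so adjust the constants to your build. It sends no expression to /expr, only the token.

```python
"""Audit check for CVE-2026-26190 (added example, not Milvus project code).

Probes a Milvus management port (TCP 9091) for the two pre-fix conditions the
advisory describes: /api/v1/* answering without credentials, and /expr
accepting the default token derived from etcd.rootPath ("by-dev").

Assumptions not stated by the advisory (adjust to your build):
  - the REST v1 collection-listing route is GET /api/v1/collections
  - /expr reads its token from a query parameter named "auth"
  - the default token equals the etcd.rootPath value itself
"""
from __future__ import annotations

import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

MGMT_PORT = 9091
DEFAULT_ROOT_PATH = "by-dev"             # Milvus default etcd.rootPath (from the advisory)
REST_PROBE_PATH = "/api/v1/collections"  # assumed REST v1 route
EXPR_PATH = "/expr"
EXPR_TOKEN_PARAM = "auth"                # assumed query-parameter name


@dataclass(frozen=True)
class Probe:
    path: str            # request path, possibly with a query string
    status: int | None   # HTTP status code, or None when nothing answered


def verdict(p: Probe) -> str:
    """Classify one probe. Pure, so it is unit-testable without a live host.

    exposed     - a 2xx without credentials: the CVE condition
    enforced    - 401/403: the server is checking authentication
    absent      - 404: route not registered on this port (fixed build or disabled)
    unreachable - no HTTP answer (port closed or filtered)
    """
    if p.status is None:
        return "unreachable"
    if 200 <= p.status < 300:
        return "exposed"
    if p.status in (401, 403):
        return "enforced"
    if p.status == 404:
        return "absent"
    return f"unexpected:{p.status}"


def classify(rest: Probe, expr: Probe) -> dict[str, str]:
    """Combine both probes into one report keyed by path (query string dropped)."""
    return {rest.path.partition("?")[0]: verdict(rest),
            expr.path.partition("?")[0]: verdict(expr)}


def http_probe(host: str, path: str, timeout: float = 3.0) -> Probe:
    """GET http://host:9091/<path> with no Authorization header at all."""
    url = f"http://{host}:{MGMT_PORT}{path}"
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return Probe(path, resp.status)
    except urllib.error.HTTPError as e:   # server answered with a non-2xx status
        return Probe(path, e.code)
    except OSError:                        # refused, timed out, DNS failure, ...
        return Probe(path, None)


def audit(host: str) -> dict[str, str]:
    """Run both probes against one host. Only the default token is tried."""
    rest = http_probe(host, REST_PROBE_PATH)
    expr = http_probe(host, f"{EXPR_PATH}?{EXPR_TOKEN_PARAM}={DEFAULT_ROOT_PATH}")
    return classify(rest, expr)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for path, result in audit(target).items():
        print(f"{target}:{MGMT_PORT}{path} -> {result}")
```

Run it as `python audit_9091.py <milvus-host>`. A deployment that is patched and segmented should return enforced, absent or unreachable for both paths; an exposed result on /api/v1/collections is the unauthenticated REST API, and an exposed result on /expr means the default token was accepted.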

Potential Impact

For European organisations the impact is significant. Milvus typically holds the embeddings and metadata behind retrieval-augmented generation and other AI applications, so unauthenticated access means the underlying data can be read back, altered or deleted, and the results an application serves can be manipulated through the data it retrieves. Unauthenticated credential management means an attacker can also lock out or impersonate legitimate users of the client API. Consequences range from data breaches and loss of intellectual property to disruption of AI services and GDPR exposure where personal data is embedded in the vectors or stored alongside them. A compromised database host can also serve as a foothold for further movement inside the network. Given the adoption of vector databases in finance, healthcare and manufacturing across Europe, and the fact that exploitation needs neither credentials nor user interaction, automated scanning for exposed port 9091 instances should be expected.

Mitigation Recommendations

Upgrade affected deployments to 2.5.27 or 2.6.10 or later. Until that is done, restrict TCP port 9091 (the metrics/management port) with firewall rules, security groups or Kubernetes NetworkPolicy so that only the monitoring scrapers that need /metrics can reach it; it should never be exposed to the internet or to general application networks, and any administrative access to it should go through a VPN or bastion. If the /expr debug endpoint is not needed in production, disable it where the build allows. Check etcd.rootPath in the Milvus configuration: a value left at the default by-dev means the /expr token is the publicly known one, but changing it is not a substitute for patching, since the token remains derivable from the configuration. If port 9091 was reachable from untrusted networks before patching, assume the credential store may have been altered: review the user list and rotate Milvus credentials. Feed access logs for the management port, or flow logs for 9091, into the SIEM and alert on any request to /api/v1/* or /expr, and on any 9091 traffic from sources outside the scraper allowlist. Finally, make sure DevOps and security teams know that on affected builds the metrics port carries an unauthenticated management API, so it is treated as sensitive in deployment templates.
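
As an added example (not Milvus project code), the detection logic below implements the SIEM recommendation above over HTTP access logs. It assumes a reverse proxy or ingress in front of the management port writes combined-format access logs with the server port appended as the last field (nginx log_format with $server_port), and that only a known scraper range should ever reach 9091. The log lines and the 10.0.1.0/24 scraper range are constructed; the advisory names only /api/v1/* and /expr, so the concrete REST routes in the sample are assumed.

```python
"""Log-based detection for CVE-2026-26190 exposure (added example, not Milvus
project code).

Assumes a reverse proxy or ingress in front of the Milvus management port
writes combined-format access logs with the server port appended (nginx:
log_format with $server_port as the last field). The advisory names only
/api/v1/* and /expr on port 9091; the concrete REST routes in the sample
lines below are assumed, and the lines themselves are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import parse_qs

MGMT_PORT = 9091
DEFAULT_EXPR_TOKEN = "by-dev"   # default etcd.rootPath the pre-fix /expr token derives from

# Hosts that legitimately reach 9091: the metrics scrapers. Hypothetical range.
SCRAPER_NETS = [ipaddress.ip_network("10.0.1.0/24")]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<port>\d+)$'
)

# Constructed sample: two normal scrapes, an outside host listing collections
# then hitting /expr with the default token, an internal but non-scraper host
# creating a credential, a scraper host touching the REST API, and one line on
# another port that the detector must ignore.
SAMPLE_LOG = [
    '10.0.1.20 - - [13/Feb/2026:19:01:02 +0000] "GET /metrics HTTP/1.1" 200 9091',
    '10.0.1.20 - - [13/Feb/2026:19:01:17 +0000] "GET /healthz HTTP/1.1" 200 9091',
    '203.0.113.7 - - [13/Feb/2026:19:02:05 +0000] "GET /api/v1/collections HTTP/1.1" 200 9091',
    '203.0.113.7 - - [13/Feb/2026:19:02:06 +0000] "GET /expr?auth=by-dev HTTP/1.1" 200 9091',
    '10.0.2.9 - - [13/Feb/2026:19:03:41 +0000] "POST /api/v1/credential HTTP/1.1" 200 9091',
    '10.0.1.20 - - [13/Feb/2026:19:04:00 +0000] "GET /api/v1/collections HTTP/1.1" 200 9091',
    '203.0.113.7 - - [13/Feb/2026:19:05:12 +0000] "GET /api/v1/collections HTTP/1.1" 401 8443',
]


@dataclass(frozen=True)
class Finding:
    severity: str
    src: str
    target: str
    reason: str


def _from_scraper(src: str) -> bool:
    """True when the source address falls inside the scraper allowlist."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in SCRAPER_NETS)


def detect(lines):
    """Return findings for traffic on the management port that should not be
    there. Lines for other ports, and unparseable lines, are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or int(m["port"]) != MGMT_PORT:
            continue
        src, target = m["src"], m["target"]
        path, _, query = target.partition("?")
        trusted = _from_scraper(src)
        if path == "/expr":
            token = parse_qs(query).get("auth", [None])[0]
            if token == DEFAULT_EXPR_TOKEN:
                findings.append(Finding("high", src, target, "/expr called with default token"))
            elif not trusted:
                findings.append(Finding("high", src, target, "/expr reached from outside scraper range"))
            else:
                findings.append(Finding("medium", src, target, "/expr debug endpoint used"))
        elif path.startswith("/api/v1/"):
            # Before the fix the REST API on this port has no authentication at
            # all, so even a scraper host using it deserves a look.
            sev = "medium" if trusted else "high"
            findings.append(Finding(sev, src, target, "REST API reached on management port"))
        # /metrics and /healthz are expected here; restrict them at the network layer.
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.src:<12} {f.target:<28} {f.reason}")
```

On the sample the detector produces three high findings (the outside host on /api/v1/collections, the same host presenting the default /expr token, and the non-scraper internal host creating a credential) and one medium finding for the scraper host using the REST API; the port 8443 line is ignored. The default-token rule fires regardless of source, since a legitimate client has no reason to present it.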


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-11T19:56:24.812Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 698f793ac9e1ff5ad85a8a5c

Added to database: 2/13/2026, 7:19:22 PM

Last enriched: 2/13/2026, 7:33:56 PM

Last updated: 2/13/2026, 8:22:58 PM
