CVE Catalog

CVE-2026-11466

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Summary

A weakness has been identified in zilliztech deep-searcher up to version 0.0.2, affecting the function CollectionRouter.invoke in the file deepsearcher/agent/collection_router.py. Manipulation of the argument kwargs leads to improper access controls.

Risk Assessment

The possibility of remote exploitation poses a risk of attacks on the system. A publicly available exploit could be used by potential attackers.

Recommendation

It is recommended to update to the latest version of zilliztech deep-searcher to patch this vulnerability. Additionally, monitoring systems for unauthorized access is advised.

Original NVD description (English source)

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS