Search

Find a vulnerability

Search criteria

    4 vulnerabilities by zilliztech

    CVE-2026-11466 (GCVE-0-2026-11466)

    Vulnerability from nvd – Published: 2026-06-07 23:00 – Updated: 2026-06-08 13:44
    VLAI
    Title
    zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
    Summary
    A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    zilliztech deep-searcher Affected: 0.0.1
    Affected: 0.0.2
        cpe:2.3:a:zilliztech:deep-searcher:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem000 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11466",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:44:14.044854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T13:44:25.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:zilliztech:deep-searcher:*:*:*:*:*:*:*:*"
              ],
              "product": "deep-searcher",
              "vendor": "zilliztech",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0.1"
                },
                {
                  "status": "affected",
                  "version": "0.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem000 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T23:00:15.431Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369086 | zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369086"
            },
            {
              "name": "VDB-369086 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369086/cti"
            },
            {
              "name": "CVE-2026-11466 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11466"
            },
            {
              "name": "Submit #833652 | zilliztech deep-searcher 0.0.2 Improper Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/833652"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zilliztech/deep-searcher/issues/267"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/zilliztech/deep-searcher/pull/268"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/zilliztech/deep-searcher/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T11:25:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11466",
        "datePublished": "2026-06-07T23:00:15.431Z",
        "dateReserved": "2026-06-07T09:20:16.327Z",
        "dateUpdated": "2026-06-08T13:44:25.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10812 (GCVE-0-2026-10812)

    Vulnerability from nvd – Published: 2026-06-04 14:15 – Updated: 2026-06-04 15:06
    VLAI
    Title
    zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash
    Summary
    A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    zilliztech GPTCache Affected: 0.1.0
    Affected: 0.1.1
    Affected: 0.1.2
    Affected: 0.1.3
    Affected: 0.1.4
    Affected: 0.1.5
    Affected: 0.1.6
    Affected: 0.1.7
    Affected: 0.1.8
    Affected: 0.1.9
    Affected: 0.1.10
    Affected: 0.1.11
    Affected: 0.1.12
    Affected: 0.1.13
    Affected: 0.1.14
    Affected: 0.1.15
    Affected: 0.1.16
    Affected: 0.1.17
    Affected: 0.1.18
    Affected: 0.1.19
    Affected: 0.1.20
    Affected: 0.1.21
    Affected: 0.1.22
    Affected: 0.1.23
    Affected: 0.1.24
    Affected: 0.1.25
    Affected: 0.1.26
    Affected: 0.1.27
    Affected: 0.1.28
    Affected: 0.1.29
    Affected: 0.1.30
    Affected: 0.1.31
    Affected: 0.1.32
    Affected: 0.1.33
    Affected: 0.1.34
    Affected: 0.1.35
    Affected: 0.1.36
    Affected: 0.1.37
    Affected: 0.1.38
    Affected: 0.1.39
    Affected: 0.1.40
    Affected: 0.1.41
    Affected: 0.1.42
    Affected: 0.1.43
    Affected: 0.1.44
        cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem0 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10812",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T15:05:12.549426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T15:06:07.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Cache Key Handler"
              ],
              "product": "GPTCache",
              "vendor": "zilliztech",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1.0"
                },
                {
                  "status": "affected",
                  "version": "0.1.1"
                },
                {
                  "status": "affected",
                  "version": "0.1.2"
                },
                {
                  "status": "affected",
                  "version": "0.1.3"
                },
                {
                  "status": "affected",
                  "version": "0.1.4"
                },
                {
                  "status": "affected",
                  "version": "0.1.5"
                },
                {
                  "status": "affected",
                  "version": "0.1.6"
                },
                {
                  "status": "affected",
                  "version": "0.1.7"
                },
                {
                  "status": "affected",
                  "version": "0.1.8"
                },
                {
                  "status": "affected",
                  "version": "0.1.9"
                },
                {
                  "status": "affected",
                  "version": "0.1.10"
                },
                {
                  "status": "affected",
                  "version": "0.1.11"
                },
                {
                  "status": "affected",
                  "version": "0.1.12"
                },
                {
                  "status": "affected",
                  "version": "0.1.13"
                },
                {
                  "status": "affected",
                  "version": "0.1.14"
                },
                {
                  "status": "affected",
                  "version": "0.1.15"
                },
                {
                  "status": "affected",
                  "version": "0.1.16"
                },
                {
                  "status": "affected",
                  "version": "0.1.17"
                },
                {
                  "status": "affected",
                  "version": "0.1.18"
                },
                {
                  "status": "affected",
                  "version": "0.1.19"
                },
                {
                  "status": "affected",
                  "version": "0.1.20"
                },
                {
                  "status": "affected",
                  "version": "0.1.21"
                },
                {
                  "status": "affected",
                  "version": "0.1.22"
                },
                {
                  "status": "affected",
                  "version": "0.1.23"
                },
                {
                  "status": "affected",
                  "version": "0.1.24"
                },
                {
                  "status": "affected",
                  "version": "0.1.25"
                },
                {
                  "status": "affected",
                  "version": "0.1.26"
                },
                {
                  "status": "affected",
                  "version": "0.1.27"
                },
                {
                  "status": "affected",
                  "version": "0.1.28"
                },
                {
                  "status": "affected",
                  "version": "0.1.29"
                },
                {
                  "status": "affected",
                  "version": "0.1.30"
                },
                {
                  "status": "affected",
                  "version": "0.1.31"
                },
                {
                  "status": "affected",
                  "version": "0.1.32"
                },
                {
                  "status": "affected",
                  "version": "0.1.33"
                },
                {
                  "status": "affected",
                  "version": "0.1.34"
                },
                {
                  "status": "affected",
                  "version": "0.1.35"
                },
                {
                  "status": "affected",
                  "version": "0.1.36"
                },
                {
                  "status": "affected",
                  "version": "0.1.37"
                },
                {
                  "status": "affected",
                  "version": "0.1.38"
                },
                {
                  "status": "affected",
                  "version": "0.1.39"
                },
                {
                  "status": "affected",
                  "version": "0.1.40"
                },
                {
                  "status": "affected",
                  "version": "0.1.41"
                },
                {
                  "status": "affected",
                  "version": "0.1.42"
                },
                {
                  "status": "affected",
                  "version": "0.1.43"
                },
                {
                  "status": "affected",
                  "version": "0.1.44"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem0 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data[\"image\"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.4,
                "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-328",
                  "description": "Use of Weak Hash",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T14:15:11.204Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368260 | zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368260"
            },
            {
              "name": "VDB-368260 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368260/cti"
            },
            {
              "name": "CVE-2026-10812 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10812"
            },
            {
              "name": "Submit #831636 | zilliztech GPTCache 0.1.44 Cache poisoning / improper cache key generation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/831636"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zilliztech/GPTCache/issues/684"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/zilliztech/GPTCache/pull/678"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/zilliztech/GPTCache/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T07:28:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10812",
        "datePublished": "2026-06-04T14:15:11.204Z",
        "dateReserved": "2026-06-04T05:22:50.962Z",
        "dateUpdated": "2026-06-04T15:06:07.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11466 (GCVE-0-2026-11466)

    Vulnerability from cvelistv5 – Published: 2026-06-07 23:00 – Updated: 2026-06-08 13:44
    VLAI
    Title
    zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
    Summary
    A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    zilliztech deep-searcher Affected: 0.0.1
    Affected: 0.0.2
        cpe:2.3:a:zilliztech:deep-searcher:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem000 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11466",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:44:14.044854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T13:44:25.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:zilliztech:deep-searcher:*:*:*:*:*:*:*:*"
              ],
              "product": "deep-searcher",
              "vendor": "zilliztech",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0.1"
                },
                {
                  "status": "affected",
                  "version": "0.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem000 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T23:00:15.431Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369086 | zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369086"
            },
            {
              "name": "VDB-369086 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369086/cti"
            },
            {
              "name": "CVE-2026-11466 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11466"
            },
            {
              "name": "Submit #833652 | zilliztech deep-searcher 0.0.2 Improper Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/833652"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zilliztech/deep-searcher/issues/267"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/zilliztech/deep-searcher/pull/268"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/zilliztech/deep-searcher/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T11:25:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11466",
        "datePublished": "2026-06-07T23:00:15.431Z",
        "dateReserved": "2026-06-07T09:20:16.327Z",
        "dateUpdated": "2026-06-08T13:44:25.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10812 (GCVE-0-2026-10812)

    Vulnerability from cvelistv5 – Published: 2026-06-04 14:15 – Updated: 2026-06-04 15:06
    VLAI
    Title
    zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash
    Summary
    A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    zilliztech GPTCache Affected: 0.1.0
    Affected: 0.1.1
    Affected: 0.1.2
    Affected: 0.1.3
    Affected: 0.1.4
    Affected: 0.1.5
    Affected: 0.1.6
    Affected: 0.1.7
    Affected: 0.1.8
    Affected: 0.1.9
    Affected: 0.1.10
    Affected: 0.1.11
    Affected: 0.1.12
    Affected: 0.1.13
    Affected: 0.1.14
    Affected: 0.1.15
    Affected: 0.1.16
    Affected: 0.1.17
    Affected: 0.1.18
    Affected: 0.1.19
    Affected: 0.1.20
    Affected: 0.1.21
    Affected: 0.1.22
    Affected: 0.1.23
    Affected: 0.1.24
    Affected: 0.1.25
    Affected: 0.1.26
    Affected: 0.1.27
    Affected: 0.1.28
    Affected: 0.1.29
    Affected: 0.1.30
    Affected: 0.1.31
    Affected: 0.1.32
    Affected: 0.1.33
    Affected: 0.1.34
    Affected: 0.1.35
    Affected: 0.1.36
    Affected: 0.1.37
    Affected: 0.1.38
    Affected: 0.1.39
    Affected: 0.1.40
    Affected: 0.1.41
    Affected: 0.1.42
    Affected: 0.1.43
    Affected: 0.1.44
        cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem0 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10812",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T15:05:12.549426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T15:06:07.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Cache Key Handler"
              ],
              "product": "GPTCache",
              "vendor": "zilliztech",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1.0"
                },
                {
                  "status": "affected",
                  "version": "0.1.1"
                },
                {
                  "status": "affected",
                  "version": "0.1.2"
                },
                {
                  "status": "affected",
                  "version": "0.1.3"
                },
                {
                  "status": "affected",
                  "version": "0.1.4"
                },
                {
                  "status": "affected",
                  "version": "0.1.5"
                },
                {
                  "status": "affected",
                  "version": "0.1.6"
                },
                {
                  "status": "affected",
                  "version": "0.1.7"
                },
                {
                  "status": "affected",
                  "version": "0.1.8"
                },
                {
                  "status": "affected",
                  "version": "0.1.9"
                },
                {
                  "status": "affected",
                  "version": "0.1.10"
                },
                {
                  "status": "affected",
                  "version": "0.1.11"
                },
                {
                  "status": "affected",
                  "version": "0.1.12"
                },
                {
                  "status": "affected",
                  "version": "0.1.13"
                },
                {
                  "status": "affected",
                  "version": "0.1.14"
                },
                {
                  "status": "affected",
                  "version": "0.1.15"
                },
                {
                  "status": "affected",
                  "version": "0.1.16"
                },
                {
                  "status": "affected",
                  "version": "0.1.17"
                },
                {
                  "status": "affected",
                  "version": "0.1.18"
                },
                {
                  "status": "affected",
                  "version": "0.1.19"
                },
                {
                  "status": "affected",
                  "version": "0.1.20"
                },
                {
                  "status": "affected",
                  "version": "0.1.21"
                },
                {
                  "status": "affected",
                  "version": "0.1.22"
                },
                {
                  "status": "affected",
                  "version": "0.1.23"
                },
                {
                  "status": "affected",
                  "version": "0.1.24"
                },
                {
                  "status": "affected",
                  "version": "0.1.25"
                },
                {
                  "status": "affected",
                  "version": "0.1.26"
                },
                {
                  "status": "affected",
                  "version": "0.1.27"
                },
                {
                  "status": "affected",
                  "version": "0.1.28"
                },
                {
                  "status": "affected",
                  "version": "0.1.29"
                },
                {
                  "status": "affected",
                  "version": "0.1.30"
                },
                {
                  "status": "affected",
                  "version": "0.1.31"
                },
                {
                  "status": "affected",
                  "version": "0.1.32"
                },
                {
                  "status": "affected",
                  "version": "0.1.33"
                },
                {
                  "status": "affected",
                  "version": "0.1.34"
                },
                {
                  "status": "affected",
                  "version": "0.1.35"
                },
                {
                  "status": "affected",
                  "version": "0.1.36"
                },
                {
                  "status": "affected",
                  "version": "0.1.37"
                },
                {
                  "status": "affected",
                  "version": "0.1.38"
                },
                {
                  "status": "affected",
                  "version": "0.1.39"
                },
                {
                  "status": "affected",
                  "version": "0.1.40"
                },
                {
                  "status": "affected",
                  "version": "0.1.41"
                },
                {
                  "status": "affected",
                  "version": "0.1.42"
                },
                {
                  "status": "affected",
                  "version": "0.1.43"
                },
                {
                  "status": "affected",
                  "version": "0.1.44"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem0 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data[\"image\"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.4,
                "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-328",
                  "description": "Use of Weak Hash",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T14:15:11.204Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368260 | zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368260"
            },
            {
              "name": "VDB-368260 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368260/cti"
            },
            {
              "name": "CVE-2026-10812 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10812"
            },
            {
              "name": "Submit #831636 | zilliztech GPTCache 0.1.44 Cache poisoning / improper cache key generation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/831636"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zilliztech/GPTCache/issues/684"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/zilliztech/GPTCache/pull/678"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/zilliztech/GPTCache/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T07:28:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10812",
        "datePublished": "2026-06-04T14:15:11.204Z",
        "dateReserved": "2026-06-04T05:22:50.962Z",
        "dateUpdated": "2026-06-04T15:06:07.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }