CVE-2026-11466 – zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

CVE ID :CVE-2026-11466

Published : June 7, 2026, 11:16 p.m. | 1 hour, 16 minutes ago

Description :A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-11469 – jishenghua jshERP platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig server-side request forgery

CVE-2026-11468 – SourceCodester Hospitals Patient Records Management System page room_types cross site scripting

CVE-2026-11467 – jishenghua jshERP addAccountHeadAndDetail Endpoint AccountHeadService.java path traversal

CVE-2026-11465 – songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error