CVE-2026-25628

Published February 6th, 2026

View on NVD ↗

CVSS v3

8.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0.

qdrant/qdrant

Qdrant - High-performance, massive-scale Vector Database and Vector Search Engine for the next generation of AI. Also available in the cloud https://cloud.qdrant.io/

GitHub

32.7K