CVE-2026-11466
MediumCVSS 5.4Summary
A weakness has been identified in zilliztech deep-searcher up to version 0.0.2, affecting the function CollectionRouter.invoke in the file deepsearcher/agent/collection_router.py. Manipulation of the argument kwargs leads to improper access controls.
Risk Assessment
The possibility of remote exploitation poses a risk of attacks on the system. A publicly available exploit could be used by potential attackers.
Recommendation
It is recommended to update to the latest version of zilliztech deep-searcher to patch this vulnerability. Additionally, monitoring systems for unauthorized access is advised.
Original NVD description (English source)
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.

