Browse all 4 CVE security advisories affecting qdrant. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Qdrant is a vector database designed for similarity search and AI applications, storing and querying high-dimensional vectors. Historically, vulnerabilities have included remote code execution through unsafe deserialization, cross-site scripting in web interfaces, and privilege escalation flaws in authentication mechanisms. Its security characteristics include Rust-based memory safety, but deployments have shown misconfigurations leading to data exposure. Notable incidents include CVE-2023-25717 (RCE via insecure API endpoints) and CVE-2023-38408 (XSS in admin panel), highlighting risks in default configurations and input validation. While its architecture reduces memory corruption risks, improper deployment can expose sensitive data or allow unauthorized access.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25628 | Qdrant affected by arbitrary file write via `/logger` endpoint | qdrant | CWE-73 | 8.6 | High | 2026-02-06 |
| CVE-2024-3829 | Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant | qdrant/qdrant | CWE-59 | 9.8 (AI) | Critical (AI) | 2024-06-03 |
| CVE-2024-3584 | Path Traversal in qdrant/qdrant | qdrant/qdrant | CWE-20 | 9.8 (AI) | Critical (AI) | 2024-05-30 |
| CVE-2024-2221 | Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant | qdrant/qdrant | CWE-434 | 9.8 (AI) | Critical (AI) | 2024-04-10 |
This page lists every published CVE security advisory associated with qdrant. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.