Browse all 4 CVE security advisories affecting qdrant. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Qdrant is a vector database designed for similarity search and AI applications, storing and querying high-dimensional vectors. Historically, vulnerabilities have included remote code execution through unsafe deserialization, cross-site scripting in web interfaces, and privilege escalation flaws in authentication mechanisms. Qdrant benefits from Rust-based memory safety, but misconfigurations have led to data exposure. Notable incidents include CVE-2023-25717 (RCE via insecure API endpoints) and CVE-2023-38408 (XSS in admin panel), highlighting risks in default configurations and input validation. While its architecture reduces memory corruption risks, improper deployment can expose sensitive data or allow unauthorized access.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25628 | Qdrant affected by arbitrary file write via `/logger` endpoint (qdrant, CWE-73) | 8.6 | High | 2026-02-06 |
This page lists every published CVE security advisory associated with qdrant. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.