Vulnerability Details CVE-2026-25628
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via the /logger endpoint using an attacker-controlled on_disk.log_file path. Only minimal privileges (read-only access) are required. This vulnerability is fixed in 1.16.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.2%
CVSS Severity
CVSS v3 Score 8.5
Products affected by CVE-2026-25628
- cpe:2.3:a:qdrant:qdrant:1.10.0
- cpe:2.3:a:qdrant:qdrant:1.10.1
- cpe:2.3:a:qdrant:qdrant:1.11.0
- cpe:2.3:a:qdrant:qdrant:1.11.1
- cpe:2.3:a:qdrant:qdrant:1.11.2
- cpe:2.3:a:qdrant:qdrant:1.11.3
- cpe:2.3:a:qdrant:qdrant:1.11.4
- cpe:2.3:a:qdrant:qdrant:1.11.5
- cpe:2.3:a:qdrant:qdrant:1.12.0
- cpe:2.3:a:qdrant:qdrant:1.12.1
- cpe:2.3:a:qdrant:qdrant:1.12.2
- cpe:2.3:a:qdrant:qdrant:1.12.3
- cpe:2.3:a:qdrant:qdrant:1.12.4
- cpe:2.3:a:qdrant:qdrant:1.12.5
- cpe:2.3:a:qdrant:qdrant:1.12.6
- cpe:2.3:a:qdrant:qdrant:1.13.0
- cpe:2.3:a:qdrant:qdrant:1.13.1
- cpe:2.3:a:qdrant:qdrant:1.13.2
- cpe:2.3:a:qdrant:qdrant:1.13.3
- cpe:2.3:a:qdrant:qdrant:1.13.4
- cpe:2.3:a:qdrant:qdrant:1.13.5
- cpe:2.3:a:qdrant:qdrant:1.13.6
- cpe:2.3:a:qdrant:qdrant:1.14.0
- cpe:2.3:a:qdrant:qdrant:1.14.1
- cpe:2.3:a:qdrant:qdrant:1.15.0
- cpe:2.3:a:qdrant:qdrant:1.15.1
- cpe:2.3:a:qdrant:qdrant:1.15.2
- cpe:2.3:a:qdrant:qdrant:1.15.3
- cpe:2.3:a:qdrant:qdrant:1.15.4
- cpe:2.3:a:qdrant:qdrant:1.15.5
- cpe:2.3:a:qdrant:qdrant:1.16.0
- cpe:2.3:a:qdrant:qdrant:1.9.3
- cpe:2.3:a:qdrant:qdrant:1.9.4
- cpe:2.3:a:qdrant:qdrant:1.9.5
- cpe:2.3:a:qdrant:qdrant:1.9.6
- cpe:2.3:a:qdrant:qdrant:1.9.7