CVE-2024-2221
Published: 10 April 2024
Summary
CVE-2024-2221 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Qdrant (qdrant/qdrant). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Similarity Search; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: Hardware (AML.T0010.000), Infer Training Data Membership (AML.T0024.000), Financial Harm (AML.T0048.000).
Deeper analysis
qdrant/qdrant contains a path traversal and arbitrary file upload vulnerability in the /collections/{COLLECTION}/snapshots/upload endpoint that is triggered through the snapshot parameter. The flaw permits an unauthenticated remote attacker to supply a crafted path that writes an arbitrary file to any location on the server filesystem. It is tracked as CVE-2024-2221, carries a CVSS 3.0 score of 9.8, and is associated with CWE-434 and CWE-22.
An attacker with network access can send a malicious upload request that overwrites existing files, resulting in remote code execution or denial of service. Because the endpoint requires no credentials and the attack can be performed in a single request, the issue affects both integrity and availability of the qdrant instance.
The referenced GitHub commit e6411907f0ecf3c2f8ba44ab704b9e4597d9705d and the accompanying huntr report document the corrective changes applied to the snapshot upload handler. The current EPSS of 0.2553 has remained flat since disclosure and does not indicate a subsequent increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-27177
Vulnerability details
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.
AI Security Analysis
- AI Category: Similarity Search
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Qdrant is an open-source vector database designed for similarity search on high-dimensional embeddings, commonly used in AI/ML applications for semantic search, RAG, and recommendation systems. The vulnerability affects its API endpoint for snapshot uploads in collections, confirming its relevance to AI similarity search infrastructure.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal and arbitrary file upload/overwriting enables exploitation of public-facing application (T1190), modification of existing services (T1031), abuse of server software components for persistence/execution (T1505), and creation/modification of system processes (T1543) leading to RCE.
MITRE ATLAS Techniques
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
- Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.
- Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.
- Validates pathnames and filenames to prevent traversal outside intended directories.
- Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.
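The pathname-validation control above is the one that directly addresses the `snapshot` parameter flaw in the Deeper analysis. The following is an added illustration of such a check in Rust, the language Qdrant is written in; it is hypothetical code, not Qdrant's handler and not the fix in the referenced commit, and it assumes snapshot files carry a `.snapshot` extension and live in a single directory (`base`).

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical validator (not Qdrant's own code) for the user-supplied
/// snapshot name of an upload request. It accepts only a bare file name and
/// returns the path under `base` where the upload may be written.
pub fn safe_snapshot_path(base: &Path, name: &str) -> Result<PathBuf, String> {
    if name.is_empty() || name.contains('\0') {
        return Err("empty snapshot name or NUL byte".to_string());
    }
    // Reject both separator styles up front: backslash is not a separator on
    // Unix, so a components() walk alone would let `..\x` through there.
    if name.contains('/') || name.contains('\\') {
        return Err(format!("path separator in snapshot name {:?}", name));
    }
    // What remains must be exactly one Normal component: `.`, `..`, drive
    // prefixes and root markers all produce a different component kind.
    let mut parts = Path::new(name).components();
    match (parts.next(), parts.next()) {
        (Some(Component::Normal(_)), None) => {}
        _ => return Err(format!("snapshot name {:?} is not a bare file name", name)),
    }
    // Assumption: snapshots carry a fixed `.snapshot` extension.
    if !name.ends_with(".snapshot") {
        return Err(format!("unexpected extension on {:?}", name));
    }
    let target = base.join(name);
    // Belt and braces: the joined path must sit directly under `base`.
    if target.parent() != Some(base) {
        return Err("resolved path left the snapshot directory".to_string());
    }
    Ok(target)
}

fn main() {
    // Constructed inputs: one legitimate name and two names that try to
    // leave the snapshot directory with either separator style.
    let base = Path::new("/var/lib/qdrant/snapshots");
    for name in ["col-2024.snapshot", "../outside.snapshot", "..\\outside.snapshot"] {
        match safe_snapshot_path(base, name) {
            Ok(p) => println!("accept {:?} -> {}", name, p.display()),
            Err(e) => println!("reject {:?}: {}", name, e),
        }
    }
}
```

The check is purely lexical, so it needs no filesystem access and cannot be confused by symlinks that a later `canonicalize` would follow; pair it with restrictive permissions on the snapshot directory so a write outside it fails even if validation is bypassed.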