Cyber Resilience

CVE-2026-25628

High · Public PoC

Published: 06 February 2026
Modified: 19 February 2026
KEV Added: not listed
Patch: available (fixed in 1.16.0)
CVSS Score v3.1: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0049 (38.3rd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-25628 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Qdrant, the vector database published by Qdrant. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 38.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: the affected product is categorised as Similarity Search, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-25628 is a vulnerability in Qdrant, an open-source vector similarity search engine and vector database, affecting versions from 1.9.3 up to but not including 1.16.0. It enables attackers to append data to arbitrary files through the /logger endpoint by supplying a maliciously controlled on_disk.log_file path, stemming from improper handling of externally controlled file paths (CWE-73).

Exploitation requires low privileges, specifically read-only access (PR:L), and can be performed over the network (AV:N) with no user interaction (UI:N), though it demands high attack complexity (AC:H). Successful attacks result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) with a changed scope (S:C), earning a CVSS v3.1 base score of 8.5.

Qdrant addressed the issue in version 1.16.0, as detailed in their GitHub security advisory (GHSA-f632-vm87-2m2f) and the fixing commit. The vulnerable code is in the service_api.rs file around line 195, where the patch prevents the arbitrary file append behavior.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0.

CWE(s)

AI Security Analysis

AI Category: Similarity Search
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: qdrant

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer (Command and Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
T1565.001 Stored Data Manipulation (Impact): Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

The CVE describes a network-reachable arbitrary file append in a public Qdrant service (T1190); it directly enables writing attacker-controlled data to any path (T1105 Ingress Tool Transfer, T1565.001 Stored Data Manipulation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26359 (shared CWE-73)
CVE-2025-65473 (shared CWE-73)
CVE-2025-10134 (shared CWE-73)
CVE-2026-40370 (shared CWE-73)
CVE-2025-65115 (shared CWE-73)
CVE-2024-12267 (shared CWE-73)
CVE-2025-9048 (shared CWE-73)
CVE-2025-66254 (shared CWE-73)
CVE-2026-26360 (shared CWE-73)
CVE-2025-10058 (shared CWE-73)

Affected Assets

Vendor: qdrant
Product: qdrant
Versions: 1.9.3 up to (not including) 1.16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly prevents exploitation by requiring validation of attacker-controlled on_disk.log_file paths at the /logger endpoint to block arbitrary file appends.

SI-2 Flaw Remediation (prevent): Mitigates the vulnerability through timely flaw remediation by applying the patch released in Qdrant 1.16.0.

Least privilege (prevent): Limits damage from read-only access exploitation by enforcing least privilege on users and processes handling file operations.
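One way to implement the input validation the first control calls for, as an added example written for this page rather than code from Qdrant or its fix: a Rust function that confines a caller-supplied log file path to an allowlisted log directory. The function name, the error type and the allowlisted-directory policy are assumptions; the page only states that the on_disk.log_file path must be validated. The check is layered: a lexical pass rejects absolute paths and `..` components, then a filesystem pass canonicalizes the allowed directory and the target's parent so a symlink planted inside the log directory cannot redirect the append outside it.

```rust
use std::path::{Component, Path, PathBuf};

/// Reasons a requested log path is rejected. (Constructed for this example.)
#[derive(Debug, PartialEq)]
pub enum LogPathError {
    /// Absolute path or drive prefix: only names relative to the log directory are accepted.
    NotRelative,
    /// A `..` component could escape the log directory once joined.
    ParentTraversal,
    /// Empty path, so there is no file name to append to.
    NoFileName,
    /// After resolving symlinks, the target's parent lies outside the allowed directory.
    EscapesAllowedDir,
    /// Filesystem error while resolving paths (for example, a parent directory that does not exist).
    Io(String),
}

/// Confine an untrusted log file path to `allowed_dir` (hypothetical helper, not Qdrant's code).
///
/// Lexical checks run on the untrusted string first; filesystem checks then
/// canonicalize both the allowed directory and the parent of the joined path
/// and require the latter to remain under the former.
pub fn confine_log_path(allowed_dir: &Path, requested: &str) -> Result<PathBuf, LogPathError> {
    // Lexical checks: accept only plain name components.
    let mut relative = PathBuf::new();
    for component in Path::new(requested).components() {
        match component {
            Component::Normal(part) => relative.push(part),
            Component::CurDir => {} // a leading "./" is harmless
            Component::ParentDir => return Err(LogPathError::ParentTraversal),
            Component::RootDir | Component::Prefix(_) => return Err(LogPathError::NotRelative),
        }
    }
    let file_name = relative
        .file_name()
        .ok_or(LogPathError::NoFileName)?
        .to_owned();

    // Filesystem checks: resolve symlinks before comparing prefixes.
    let io = |e: std::io::Error| LogPathError::Io(e.to_string());
    let allowed_real = allowed_dir.canonicalize().map_err(io)?;
    let joined = allowed_real.join(&relative);
    let parent_real = joined
        .parent()
        .ok_or(LogPathError::NoFileName)?
        .canonicalize()
        .map_err(io)?;
    if !parent_real.starts_with(&allowed_real) {
        return Err(LogPathError::EscapesAllowedDir);
    }
    Ok(parent_real.join(file_name))
}

fn main() {
    // Constructed demo: a scratch log directory under the OS temp dir.
    let log_dir = std::env::temp_dir().join("confine_log_path_demo");
    std::fs::create_dir_all(&log_dir).expect("create demo log dir");
    for requested in ["qdrant.log", "./qdrant.log", "../outside.log", "/var/log/other.log", ""] {
        println!("{requested:?} -> {:?}", confine_log_path(&log_dir, requested));
    }
}
```

Requiring the parent directory to already exist (the `Io` case) is a deliberate design choice: a logger should not create directory trees on behalf of a request, and it keeps the canonicalization step meaningful.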

References