CVE-2026-11466 | zilliztech deep-searcher up to 0.0.2 collection_router.py CollectionRouter.invoke kwargs access control (Issue 267)

A vulnerability has been found in zilliztech deep-searcher up to 0.0.2 and classified as problematic. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls.

This vulnerability is registered as CVE-2026-11466. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The pull request to fix this issue awaits acceptance.VulDB Recent EntriesRead More