Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: python312Packages.qdrant-client

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-25628

8.6 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Qdrant affected by arbitrary file write via `/logger` endpoint

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0.

References

https://github.com/qdrant/qdrant/security/advisories/GHSA-f632-vm87-2m2f x_refsource_CONFIRM
https://github.com/qdrant/qdrant/commit/32b7fdfb7f542624ecd1f7c8d3e2b13c4e36a2c1 x_refsource_MISC
https://github.com/qdrant/qdrant/blob/48203e414e4e7f639a6d394fb6e4df695f808e51/src/actix/api/service_api.rs#L195 x_refsource_MISC

Affected products

qdrant

==>= 1.9.3, < 1.16.0

Matching in nixpkgs

pkgs.qdrant

Vector Search Engine for the next generation of AI applications

nixos-unstable 1.14.0
- nixpkgs-unstable 1.16.3
- nixos-unstable-small 1.16.3
nixos-25.11 1.15.5
- nixpkgs-25.11-darwin 1.15.5

pkgs.qdrant-web-ui

Self-hosted web UI for Qdrant

nixos-unstable 0.1.40
- nixpkgs-unstable 0.1.40
- nixos-unstable-small 0.1.40
nixos-25.11 0.1.40
- nixpkgs-25.11-darwin 0.1.40

pkgs.python312Packages.qdrant-client

Python client for Qdrant vector search engine

nixos-unstable 1.15.1
nixos-25.11 1.16.0
- nixpkgs-25.11-darwin 1.16.0

pkgs.python313Packages.qdrant-client

Python client for Qdrant vector search engine

nixos-unstable 1.15.1
- nixpkgs-unstable 1.16.2
- nixos-unstable-small 1.16.2
nixos-25.11 1.16.0
- nixpkgs-25.11-darwin 1.16.0

pkgs.python314Packages.qdrant-client

Python client for Qdrant vector search engine

nixos-unstable -
- nixpkgs-unstable 1.16.2
- nixos-unstable-small 1.16.2

pkgs.python312Packages.llama-index-vector-stores-qdrant

LlamaIndex Vector Store Integration for Qdrant

nixos-unstable 0.6.1
nixos-25.11 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python313Packages.llama-index-vector-stores-qdrant

LlamaIndex Vector Store Integration for Qdrant

nixos-unstable 0.6.1
- nixpkgs-unstable 0.9.1
- nixos-unstable-small 0.9.1
nixos-25.11 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.pkgsRocm.python3Packages.llama-index-vector-stores-qdrant

LlamaIndex Vector Store Integration for Qdrant

nixos-unstable -
- nixpkgs-unstable 0.9.1
- nixos-unstable-small 0.9.1
nixos-25.11 0.9.0
- nixpkgs-25.11-darwin 0.9.0

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@happysalada Raphael Megzari <raphael@megzari.com>
@dit7ya Mostly Void <7rat13@gmail.com>
@xzfc Albert Safin <xzfcpw@gmail.com>

1