Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-328
Use of Weak Hash
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CVE-2026-10783 (GCVE-0-2026-10783)
Vulnerability from cvelistv5 – Published: 2026-06-03 23:30 – Updated: 2026-06-04 14:19
VLAI
Title
gradio-app gradio Audio Cache Key save_audio_to_cache weak hash
Summary
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The patch is named 13394. To fix this issue, it is recommended to deploy a patch.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368140 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368140/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10783 | third-party-advisory |
| https://vuldb.com/submit/831451 | third-party-advisory |
| https://github.com/gradio-app/gradio/issues/13395 | exploitissue-tracking |
| https://github.com/gradio-app/gradio/pull/13394 | issue-trackingpatch |
| https://github.com/gradio-app/gradio/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gradio-app | gradio |
Affected:
6.14.0
cpe:2.3:a:gradio-app:gradio:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T14:19:30.467464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:19:42.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gradio-app:gradio:*:*:*:*:*:*:*:*"
],
"modules": [
"Audio Cache Key Handler"
],
"product": "gradio",
"vendor": "gradio-app",
"versions": [
{
"status": "affected",
"version": "6.14.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The patch is named 13394. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T23:30:12.545Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368140 | gradio-app gradio Audio Cache Key save_audio_to_cache weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368140"
},
{
"name": "VDB-368140 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368140/cti"
},
{
"name": "CVE-2026-10783 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10783"
},
{
"name": "Submit #831451 | gradio-app gradio 6.14.0 Cache Poisoning",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831451"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/gradio-app/gradio/issues/13395"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/gradio-app/gradio/pull/13394"
},
{
"tags": [
"product"
],
"url": "https://github.com/gradio-app/gradio/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-03T18:12:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "gradio-app gradio Audio Cache Key save_audio_to_cache weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10783",
"datePublished": "2026-06-03T23:30:12.545Z",
"dateReserved": "2026-06-03T16:07:42.775Z",
"dateUpdated": "2026-06-04T14:19:42.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10800 (GCVE-0-2026-10800)
Vulnerability from cvelistv5 – Published: 2026-06-04 09:45 – Updated: 2026-06-04 15:07 X_Open Source
VLAI
Title
PaddlePaddle FastDeploy MultimodalHasher hasher.py hash_features weak hash
Summary
A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368249 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368249/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10800 | third-party-advisory |
| https://vuldb.com/submit/831452 | third-party-advisory |
| https://github.com/PaddlePaddle/FastDeploy/issues/7196 | issue-tracking |
| https://github.com/PaddlePaddle/FastDeploy/pull/7185 | issue-trackingpatch |
| https://github.com/PaddlePaddle/FastDeploy/commit… | patch |
| https://github.com/PaddlePaddle/FastDeploy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PaddlePaddle | FastDeploy |
Affected:
2.4.0
Affected: 2.4.1 cpe:2.3:a:paddlepaddle:fastdeploy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:16:45.166669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:07:01.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paddlepaddle:fastdeploy:*:*:*:*:*:*:*:*"
],
"modules": [
"MultimodalHasher"
],
"product": "FastDeploy",
"vendor": "PaddlePaddle",
"versions": [
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T09:45:12.021Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368249 | PaddlePaddle FastDeploy MultimodalHasher hasher.py hash_features weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368249"
},
{
"name": "VDB-368249 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368249/cti"
},
{
"name": "CVE-2026-10800 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10800"
},
{
"name": "Submit #831452 | PaddlePaddle FastDeploy 2.4.1_20260331_0 hash collision",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831452"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/PaddlePaddle/FastDeploy/issues/7196"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/PaddlePaddle/FastDeploy/pull/7185"
},
{
"tags": [
"patch"
],
"url": "https://github.com/PaddlePaddle/FastDeploy/commit/374945747652a8d32965591c0c01a00c88b7067f"
},
{
"tags": [
"product"
],
"url": "https://github.com/PaddlePaddle/FastDeploy/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:02:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "PaddlePaddle FastDeploy MultimodalHasher hasher.py hash_features weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10800",
"datePublished": "2026-06-04T09:45:12.021Z",
"dateReserved": "2026-06-04T04:57:09.234Z",
"dateUpdated": "2026-06-04T15:07:01.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10801 (GCVE-0-2026-10801)
Vulnerability from cvelistv5 – Published: 2026-06-04 11:00 – Updated: 2026-06-04 12:44
VLAI
Title
modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash
Summary
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368250 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368250/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10801 | third-party-advisory |
| https://vuldb.com/submit/831455 | third-party-advisory |
| https://vuldb.com/submit/831456 | third-party-advisory |
| https://github.com/modelscope/ms-swift/issues/9360 | exploitissue-tracking |
| https://github.com/modelscope/ms-swift/pull/9359 | issue-trackingpatch |
| https://github.com/modelscope/ms-swift/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| modelscope | ms-swift |
Affected:
4.0
Affected: 4.1 Affected: 4.2.0 cpe:2.3:a:modelscope:ms-swift:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10801",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T12:44:40.250609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:44:47.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:modelscope:ms-swift:*:*:*:*:*:*:*:*"
],
"modules": [
"PIL Image Cache Key Handler"
],
"product": "ms-swift",
"vendor": "modelscope",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T11:00:13.074Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368250 | modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368250"
},
{
"name": "VDB-368250 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368250/cti"
},
{
"name": "CVE-2026-10801 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10801"
},
{
"name": "Submit #831455 | modelscope ms-swift 4.2.0 Hash Collision",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831455"
},
{
"name": "Submit #831456 | modelscope ms-swift 4.2.0 Hash Collision (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831456"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/modelscope/ms-swift/issues/9360"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/modelscope/ms-swift/pull/9359"
},
{
"tags": [
"product"
],
"url": "https://github.com/modelscope/ms-swift/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:04:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10801",
"datePublished": "2026-06-04T11:00:13.074Z",
"dateReserved": "2026-06-04T04:59:37.871Z",
"dateUpdated": "2026-06-04T12:44:47.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10803 (GCVE-0-2026-10803)
Vulnerability from cvelistv5 – Published: 2026-06-04 11:45 – Updated: 2026-06-04 12:55
VLAI
Title
MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash
Summary
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368252 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368252/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10803 | third-party-advisory |
| https://vuldb.com/submit/831462 | third-party-advisory |
| https://github.com/mlflow/mlflow/issues/22419 | exploitissue-tracking |
| https://github.com/mlflow/mlflow/pull/22420 | issue-trackingpatch |
| https://github.com/mlflow/mlflow/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10803",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T12:55:46.959879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:55:59.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mlflow/mlflow/issues/22419"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mlflow:mlflow:*:*:*:*:*:*:*:*"
],
"modules": [
"Dataset Digest Computation"
],
"product": "MLflow",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
},
{
"status": "affected",
"version": "3.4"
},
{
"status": "affected",
"version": "3.5"
},
{
"status": "affected",
"version": "3.6"
},
{
"status": "affected",
"version": "3.7"
},
{
"status": "affected",
"version": "3.8"
},
{
"status": "affected",
"version": "3.9"
},
{
"status": "affected",
"version": "3.10.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T11:45:10.363Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368252 | MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368252"
},
{
"name": "VDB-368252 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368252/cti"
},
{
"name": "CVE-2026-10803 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10803"
},
{
"name": "Submit #831462 | mlflow 3.10.0 Digest Collision",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831462"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mlflow/mlflow/issues/22419"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/mlflow/mlflow/pull/22420"
},
{
"tags": [
"product"
],
"url": "https://github.com/mlflow/mlflow/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:12:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10803",
"datePublished": "2026-06-04T11:45:10.363Z",
"dateReserved": "2026-06-04T05:06:53.422Z",
"dateUpdated": "2026-06-04T12:55:59.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10804 (GCVE-0-2026-10804)
Vulnerability from cvelistv5 – Published: 2026-06-04 12:00 – Updated: 2026-06-04 14:23
VLAI
Title
Streamlit Palette hashing.py weak hash
Summary
A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368253 | vdb-entry |
| https://vuldb.com/vuln/368253/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10804 | third-party-advisory |
| https://vuldb.com/submit/831508 | third-party-advisory |
| https://github.com/streamlit/streamlit/issues/14622 | exploitissue-tracking |
| https://github.com/streamlit/streamlit/pull/14635 | issue-trackingpatch |
| https://github.com/streamlit/streamlit/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Streamlit |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 Affected: 1.6 Affected: 1.7 Affected: 1.8 Affected: 1.9 Affected: 1.10 Affected: 1.11 Affected: 1.12 Affected: 1.13 Affected: 1.14 Affected: 1.15 Affected: 1.16 Affected: 1.17 Affected: 1.18 Affected: 1.19 Affected: 1.20 Affected: 1.21 Affected: 1.22 Affected: 1.23 Affected: 1.24 Affected: 1.25 Affected: 1.26 Affected: 1.27 Affected: 1.28 Affected: 1.29 Affected: 1.30 Affected: 1.31 Affected: 1.32 Affected: 1.33 Affected: 1.34 Affected: 1.35 Affected: 1.36 Affected: 1.37 Affected: 1.38 Affected: 1.39 Affected: 1.40 Affected: 1.41 Affected: 1.42 Affected: 1.43 Affected: 1.44 Affected: 1.45 Affected: 1.46 Affected: 1.47 Affected: 1.48 Affected: 1.49 Affected: 1.50 Affected: 1.51 Affected: 1.52 Affected: 1.53.0 cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10804",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T14:22:17.927620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:23:02.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:*"
],
"modules": [
"Palette Handler"
],
"product": "Streamlit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.16"
},
{
"status": "affected",
"version": "1.17"
},
{
"status": "affected",
"version": "1.18"
},
{
"status": "affected",
"version": "1.19"
},
{
"status": "affected",
"version": "1.20"
},
{
"status": "affected",
"version": "1.21"
},
{
"status": "affected",
"version": "1.22"
},
{
"status": "affected",
"version": "1.23"
},
{
"status": "affected",
"version": "1.24"
},
{
"status": "affected",
"version": "1.25"
},
{
"status": "affected",
"version": "1.26"
},
{
"status": "affected",
"version": "1.27"
},
{
"status": "affected",
"version": "1.28"
},
{
"status": "affected",
"version": "1.29"
},
{
"status": "affected",
"version": "1.30"
},
{
"status": "affected",
"version": "1.31"
},
{
"status": "affected",
"version": "1.32"
},
{
"status": "affected",
"version": "1.33"
},
{
"status": "affected",
"version": "1.34"
},
{
"status": "affected",
"version": "1.35"
},
{
"status": "affected",
"version": "1.36"
},
{
"status": "affected",
"version": "1.37"
},
{
"status": "affected",
"version": "1.38"
},
{
"status": "affected",
"version": "1.39"
},
{
"status": "affected",
"version": "1.40"
},
{
"status": "affected",
"version": "1.41"
},
{
"status": "affected",
"version": "1.42"
},
{
"status": "affected",
"version": "1.43"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.45"
},
{
"status": "affected",
"version": "1.46"
},
{
"status": "affected",
"version": "1.47"
},
{
"status": "affected",
"version": "1.48"
},
{
"status": "affected",
"version": "1.49"
},
{
"status": "affected",
"version": "1.50"
},
{
"status": "affected",
"version": "1.51"
},
{
"status": "affected",
"version": "1.52"
},
{
"status": "affected",
"version": "1.53.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:00:14.916Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368253 | Streamlit Palette hashing.py weak hash",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/368253"
},
{
"name": "VDB-368253 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368253/cti"
},
{
"name": "CVE-2026-10804 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10804"
},
{
"name": "Submit #831508 | streamlit 1.53.0 hash collision",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831508"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/streamlit/streamlit/issues/14622"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/streamlit/streamlit/pull/14635"
},
{
"tags": [
"product"
],
"url": "https://github.com/streamlit/streamlit/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:15:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "Streamlit Palette hashing.py weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10804",
"datePublished": "2026-06-04T12:00:14.916Z",
"dateReserved": "2026-06-04T05:09:57.527Z",
"dateUpdated": "2026-06-04T14:23:02.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10812 (GCVE-0-2026-10812)
Vulnerability from cvelistv5 – Published: 2026-06-04 14:15 – Updated: 2026-06-04 15:06
VLAI
Title
zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash
Summary
A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368260 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368260/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10812 | third-party-advisory |
| https://vuldb.com/submit/831636 | third-party-advisory |
| https://github.com/zilliztech/GPTCache/issues/684 | exploitissue-tracking |
| https://github.com/zilliztech/GPTCache/pull/678 | issue-trackingpatch |
| https://github.com/zilliztech/GPTCache/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zilliztech | GPTCache |
Affected:
0.1.0
Affected: 0.1.1 Affected: 0.1.2 Affected: 0.1.3 Affected: 0.1.4 Affected: 0.1.5 Affected: 0.1.6 Affected: 0.1.7 Affected: 0.1.8 Affected: 0.1.9 Affected: 0.1.10 Affected: 0.1.11 Affected: 0.1.12 Affected: 0.1.13 Affected: 0.1.14 Affected: 0.1.15 Affected: 0.1.16 Affected: 0.1.17 Affected: 0.1.18 Affected: 0.1.19 Affected: 0.1.20 Affected: 0.1.21 Affected: 0.1.22 Affected: 0.1.23 Affected: 0.1.24 Affected: 0.1.25 Affected: 0.1.26 Affected: 0.1.27 Affected: 0.1.28 Affected: 0.1.29 Affected: 0.1.30 Affected: 0.1.31 Affected: 0.1.32 Affected: 0.1.33 Affected: 0.1.34 Affected: 0.1.35 Affected: 0.1.36 Affected: 0.1.37 Affected: 0.1.38 Affected: 0.1.39 Affected: 0.1.40 Affected: 0.1.41 Affected: 0.1.42 Affected: 0.1.43 Affected: 0.1.44 cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T15:05:12.549426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:06:07.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:*"
],
"modules": [
"Cache Key Handler"
],
"product": "GPTCache",
"vendor": "zilliztech",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
},
{
"status": "affected",
"version": "0.1.4"
},
{
"status": "affected",
"version": "0.1.5"
},
{
"status": "affected",
"version": "0.1.6"
},
{
"status": "affected",
"version": "0.1.7"
},
{
"status": "affected",
"version": "0.1.8"
},
{
"status": "affected",
"version": "0.1.9"
},
{
"status": "affected",
"version": "0.1.10"
},
{
"status": "affected",
"version": "0.1.11"
},
{
"status": "affected",
"version": "0.1.12"
},
{
"status": "affected",
"version": "0.1.13"
},
{
"status": "affected",
"version": "0.1.14"
},
{
"status": "affected",
"version": "0.1.15"
},
{
"status": "affected",
"version": "0.1.16"
},
{
"status": "affected",
"version": "0.1.17"
},
{
"status": "affected",
"version": "0.1.18"
},
{
"status": "affected",
"version": "0.1.19"
},
{
"status": "affected",
"version": "0.1.20"
},
{
"status": "affected",
"version": "0.1.21"
},
{
"status": "affected",
"version": "0.1.22"
},
{
"status": "affected",
"version": "0.1.23"
},
{
"status": "affected",
"version": "0.1.24"
},
{
"status": "affected",
"version": "0.1.25"
},
{
"status": "affected",
"version": "0.1.26"
},
{
"status": "affected",
"version": "0.1.27"
},
{
"status": "affected",
"version": "0.1.28"
},
{
"status": "affected",
"version": "0.1.29"
},
{
"status": "affected",
"version": "0.1.30"
},
{
"status": "affected",
"version": "0.1.31"
},
{
"status": "affected",
"version": "0.1.32"
},
{
"status": "affected",
"version": "0.1.33"
},
{
"status": "affected",
"version": "0.1.34"
},
{
"status": "affected",
"version": "0.1.35"
},
{
"status": "affected",
"version": "0.1.36"
},
{
"status": "affected",
"version": "0.1.37"
},
{
"status": "affected",
"version": "0.1.38"
},
{
"status": "affected",
"version": "0.1.39"
},
{
"status": "affected",
"version": "0.1.40"
},
{
"status": "affected",
"version": "0.1.41"
},
{
"status": "affected",
"version": "0.1.42"
},
{
"status": "affected",
"version": "0.1.43"
},
{
"status": "affected",
"version": "0.1.44"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data[\"image\"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:15:11.204Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368260 | zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368260"
},
{
"name": "VDB-368260 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368260/cti"
},
{
"name": "CVE-2026-10812 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10812"
},
{
"name": "Submit #831636 | zilliztech GPTCache 0.1.44 Cache poisoning / improper cache key generation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831636"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/zilliztech/GPTCache/issues/684"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/zilliztech/GPTCache/pull/678"
},
{
"tags": [
"product"
],
"url": "https://github.com/zilliztech/GPTCache/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:28:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10812",
"datePublished": "2026-06-04T14:15:11.204Z",
"dateReserved": "2026-06-04T05:22:50.962Z",
"dateUpdated": "2026-06-04T15:06:07.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10813 (GCVE-0-2026-10813)
Vulnerability from cvelistv5 – Published: 2026-06-04 14:45 – Updated: 2026-06-04 17:28
VLAI
Title
LMCache KV Cache utils.py hex_hash_to_int16 weak hash
Summary
A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368261 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368261/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10813 | third-party-advisory |
| https://vuldb.com/submit/831641 | third-party-advisory |
| https://github.com/LMCache/LMCache/issues/3301 | exploitissue-tracking |
| https://github.com/LMCache/LMCache/pull/2932 | issue-trackingpatch |
| https://github.com/LMCache/LMCache/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10813",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T17:28:03.511680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T17:28:11.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:lmcache:lmcache:*:*:*:*:*:*:*:*"
],
"modules": [
"KV Cache Handler"
],
"product": "LMCache",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.4.0"
},
{
"status": "affected",
"version": "0.4.1"
},
{
"status": "affected",
"version": "0.4.2"
},
{
"status": "affected",
"version": "0.4.3"
},
{
"status": "affected",
"version": "0.4.4"
},
{
"status": "affected",
"version": "0.4.5"
},
{
"status": "affected",
"version": "0.4.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:45:10.552Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368261 | LMCache KV Cache utils.py hex_hash_to_int16 weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368261"
},
{
"name": "VDB-368261 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368261/cti"
},
{
"name": "CVE-2026-10813 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10813"
},
{
"name": "Submit #831641 | LMCache 729ff73 Cache poisoning",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831641"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LMCache/LMCache/issues/3301"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/LMCache/LMCache/pull/2932"
},
{
"tags": [
"product"
],
"url": "https://github.com/LMCache/LMCache/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:39:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "LMCache KV Cache utils.py hex_hash_to_int16 weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10813",
"datePublished": "2026-06-04T14:45:10.552Z",
"dateReserved": "2026-06-04T05:34:15.425Z",
"dateUpdated": "2026-06-04T17:28:11.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10814 (GCVE-0-2026-10814)
Vulnerability from cvelistv5 – Published: 2026-06-04 15:00 – Updated: 2026-06-04 15:46 X_Open Source
VLAI
Title
milvus-io milvus Grantee ID Hash kv_catalog.go weak hash
Summary
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368262 | vdb-entry |
| https://vuldb.com/vuln/368262/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10814 | third-party-advisory |
| https://vuldb.com/submit/831645 | third-party-advisory |
| https://github.com/milvus-io/milvus/issues/49857 | exploitissue-tracking |
| https://github.com/milvus-io/milvus/pull/50060 | issue-trackingpatch |
| https://github.com/milvus-io/milvus/commit/3d932f… | patch |
| https://github.com/milvus-io/milvus/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| milvus-io | milvus |
Affected:
2.6.0
Affected: 2.6.1 Affected: 2.6.2 Affected: 2.6.3 Affected: 2.6.4 Affected: 2.6.5 Affected: 2.6.6 Affected: 2.6.7 Affected: 2.6.8 Affected: 2.6.9 Affected: 2.6.10 Affected: 2.6.11 Affected: 2.6.12 Affected: 2.6.13 cpe:2.3:a:milvus-io:milvus:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10814",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T15:46:49.235572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:46:55.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:milvus-io:milvus:*:*:*:*:*:*:*:*"
],
"modules": [
"Grantee ID Hash Handler"
],
"product": "milvus",
"vendor": "milvus-io",
"versions": [
{
"status": "affected",
"version": "2.6.0"
},
{
"status": "affected",
"version": "2.6.1"
},
{
"status": "affected",
"version": "2.6.2"
},
{
"status": "affected",
"version": "2.6.3"
},
{
"status": "affected",
"version": "2.6.4"
},
{
"status": "affected",
"version": "2.6.5"
},
{
"status": "affected",
"version": "2.6.6"
},
{
"status": "affected",
"version": "2.6.7"
},
{
"status": "affected",
"version": "2.6.8"
},
{
"status": "affected",
"version": "2.6.9"
},
{
"status": "affected",
"version": "2.6.10"
},
{
"status": "affected",
"version": "2.6.11"
},
{
"status": "affected",
"version": "2.6.12"
},
{
"status": "affected",
"version": "2.6.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The attack\u0027s complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3d932f1c3e065351c4440c27abe1e6479752544d. Applying a patch is the recommended action to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.5,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:00:19.440Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368262 | milvus-io milvus Grantee ID Hash kv_catalog.go weak hash",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/368262"
},
{
"name": "VDB-368262 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368262/cti"
},
{
"name": "CVE-2026-10814 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10814"
},
{
"name": "Submit #831645 | Milvus v2.6.13 Authorization Bypass` / `Hash Collision` / `Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831645"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/milvus-io/milvus/issues/49857"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/milvus-io/milvus/pull/50060"
},
{
"tags": [
"patch"
],
"url": "https://github.com/milvus-io/milvus/commit/3d932f1c3e065351c4440c27abe1e6479752544d"
},
{
"tags": [
"product"
],
"url": "https://github.com/milvus-io/milvus/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:47:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "milvus-io milvus Grantee ID Hash kv_catalog.go weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10814",
"datePublished": "2026-06-04T15:00:19.440Z",
"dateReserved": "2026-06-04T05:41:43.203Z",
"dateUpdated": "2026-06-04T15:46:55.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11329 (GCVE-0-2026-11329)
Vulnerability from cvelistv5 – Published: 2026-06-05 12:15 – Updated: 2026-06-08 17:03 X_Open Source
VLAI
Title
onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash
Summary
A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368865 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368865/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11329 | third-party-advisory |
| https://vuldb.com/submit/832358 | third-party-advisory |
| https://github.com/onnx/onnx-mlir/pull/3427 | issue-trackingpatch |
| https://github.com/onnx/onnx-mlir/commit/72c5187f… | patch |
| https://github.com/onnx/onnx-mlir/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T17:01:45.917951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T17:03:42.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:onnx:onnx-mlir:*:*:*:*:*:*:*:*"
],
"modules": [
"Placeholder Node Cache Handler"
],
"product": "onnx-mlir",
"vendor": "onnx",
"versions": [
{
"status": "affected",
"version": "0.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T12:15:11.835Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368865 | onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368865"
},
{
"name": "VDB-368865 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368865/cti"
},
{
"name": "CVE-2026-11329 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11329"
},
{
"name": "Submit #832358 | onnx onnx-mlir v0.5.0.0 cache key collision",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/832358"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/onnx/onnx-mlir/pull/3427"
},
{
"tags": [
"patch"
],
"url": "https://github.com/onnx/onnx-mlir/commit/72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4"
},
{
"tags": [
"product"
],
"url": "https://github.com/onnx/onnx-mlir/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-05T08:48:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11329",
"datePublished": "2026-06-05T12:15:11.835Z",
"dateReserved": "2026-06-05T06:43:25.150Z",
"dateUpdated": "2026-06-08T17:03:42.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11330 (GCVE-0-2026-11330)
Vulnerability from cvelistv5 – Published: 2026-06-05 12:45 – Updated: 2026-06-08 16:04 X_Open Source
VLAI
Title
thedotmack claude-mem Observation Content Hash store.ts computeObservationContentHash weak hash
Summary
A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. Upgrading to version 12.0.0 is sufficient to fix this issue. Patch name: f32fda8b35e9fe9329f87da65c31149362a03f97. It is suggested to upgrade the affected component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368870 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368870/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11330 | third-party-advisory |
| https://vuldb.com/submit/832401 | third-party-advisory |
| https://github.com/thedotmack/claude-mem/pull/1494 | issue-trackingpatch |
| https://github.com/thedotmack/claude-mem/commit/f… | patch |
| https://github.com/thedotmack/claude-mem/releases… | patch |
| https://github.com/thedotmack/claude-mem/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thedotmack | claude-mem |
Affected:
11.0.0
Affected: 11.0.1 Unaffected: 12.0.0 cpe:2.3:a:thedotmack:claude-mem:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T16:04:38.572755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:04:51.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:thedotmack:claude-mem:*:*:*:*:*:*:*:*"
],
"modules": [
"Observation Content Hash Handler"
],
"product": "claude-mem",
"vendor": "thedotmack",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "unaffected",
"version": "12.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack can only be executed locally. The attack\u0027s complexity is rated as high. The exploitability is described as difficult. Upgrading to version 12.0.0 is sufficient to fix this issue. Patch name: f32fda8b35e9fe9329f87da65c31149362a03f97. It is suggested to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T12:45:12.204Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368870 | thedotmack claude-mem Observation Content Hash store.ts computeObservationContentHash weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368870"
},
{
"name": "VDB-368870 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368870/cti"
},
{
"name": "CVE-2026-11330 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11330"
},
{
"name": "Submit #832401 | thedotmack claude-mem v10.4.0 - Improper content hash construction - Field-boundary ambiguity",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/832401"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/thedotmack/claude-mem/pull/1494"
},
{
"tags": [
"patch"
],
"url": "https://github.com/thedotmack/claude-mem/commit/f32fda8b35e9fe9329f87da65c31149362a03f97"
},
{
"tags": [
"patch"
],
"url": "https://github.com/thedotmack/claude-mem/releases/tag/v12.0.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/thedotmack/claude-mem/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-05T09:01:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "thedotmack claude-mem Observation Content Hash store.ts computeObservationContentHash weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11330",
"datePublished": "2026-06-05T12:45:12.204Z",
"dateReserved": "2026-06-05T06:56:10.993Z",
"dateUpdated": "2026-06-08T16:04:51.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-51
Phase: Architecture and Design
Description:
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.
CAPEC-68: Subvert Code-signing Facilities
Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.