By weakness (CWE)
CWE-328: related vulnerabilities
CVEs classified under CWE-328. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
9 published vulnerabilities
- CVE-2026-10814MEDIUM 4.5
Milvus, a popular vector database, contains a weakness in how it generates hash identifiers for grantee access control. An attacker with local access and sufficient privileges could exploit weak cryptographic hashing in the Grantee ID Hash Handler to potentially forge or predict access control identifiers, leading to unauthorized data access or modification. The vulnerability requires high technical complexity to exploit and is rated as medium severity.
- CVE-2026-10766LOW 3.6
MLRun versions up to 1.12.0-rc3 contain a weakness in how they hash dataframes. The vulnerable function in mlrun/utils/helpers.py uses cryptographic methods that are considered inadequate for security purposes. An attacker with local access to a system running MLRun could potentially manipulate or forge data integrity checks, though doing so requires significant technical effort and local privileges. The vulnerability is not currently listed as actively exploited in the wild, but proof-of-concept details have been publicly disclosed.
- CVE-2026-10800LOW 3.6
PaddlePaddle FastDeploy versions up to 2.4.1 contain a weakness in how the MultimodalHasher component generates hashes for multimodal features. An attacker with local system access and user-level privileges could manipulate the hash_features function to use cryptographically weak hashing, potentially allowing them to forge or predict hash values. This is a low-severity issue that requires both local access and significant technical effort to exploit.
- CVE-2026-10801LOW 3.6
A weakness in how ModelScope's ms-swift library (versions up to 4.2.0) hashes cached PIL images creates a local integrity risk. An attacker with local system access and user-level privileges could manipulate image cache validation, potentially leading to cache poisoning or image substitution. The vulnerability requires significant technical effort to exploit and poses limited immediate threat in most environments, but should be addressed before deployment in sensitive workflows.
- CVE-2026-10803LOW 3.6
MLflow versions up to 3.10.0 contain a cryptographic weakness in the Dataset Digest Computation module. The vulnerability uses an insufficiently strong hash function for dataset digest operations, which could allow an attacker with local system access and user-level privileges to tamper with dataset integrity checks or trigger application errors. Exploitation requires significant technical effort and local presence on the affected machine.
- CVE-2026-10804LOW 3.6
Streamlit versions up to 1.53.0 contain a weak cryptographic hashing vulnerability in its palette handler component. An attacker with local system access and authenticated user privileges can manipulate the hashing function to produce predictable or non-unique hash values, potentially allowing them to bypass integrity checks or cause minor application disruptions. The attack is complex and requires deep knowledge of the affected code path, making opportunistic exploitation unlikely. However, the vulnerability is not currently tracked as an active threat on CISA's Known Exploited Vulnerabilities catalog.
- CVE-2026-10812LOW 3.6
GPTCache versions up to 0.1.44 contain a weakness in how it hashes image data used for cache key generation. An attacker with local access to a system running vulnerable GPTCache can manipulate image input parameters to exploit weak cryptographic hashing, potentially causing data integrity issues. The attack requires elevated complexity to execute and is not considered an immediate threat to most deployments, but organizations using GPTCache for image processing should monitor for patches.
- CVE-2026-10813LOW 3.6
LMCache versions up to 0.4.6 contain a cryptographic weakness in the KV Cache Handler component, specifically in how it converts hash values to integers. An attacker with local system access could manipulate this weak hash function to potentially compromise data integrity or availability. However, exploiting this requires significant technical complexity and local access privileges, limiting its practical risk in most environments.
- CVE-2026-10783LOW 2.5
A weakness in Gradio 6.14.0's audio caching function allows a local user with limited privileges to potentially access confidential information through use of a weak cryptographic hash. The attack is technically difficult to execute and requires hands-on access to the system. While a public exploit exists, real-world exploitation remains unlikely due to high complexity requirements and low impact scope.