CVE-2026-10812: GPTCache Weak Hash Vulnerability in Cache Key Handler (CVSS 3.6)
GPTCache versions up to 0.1.44 contain a weakness in how it hashes image data used for cache key generation. An attacker with local access to a system running vulnerable GPTCache can manipulate image input parameters to exploit weak cryptographic hashing, potentially causing data integrity issues. The attack requires elevated complexity to execute and is not considered an immediate threat to most deployments, but organizations using GPTCache for image processing should monitor for patches.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 3.6 LOW · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
- Weaknesses (CWE)
- CWE-327, CWE-328
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-04 / 2026-06-17
NVD description (verbatim)
A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
7 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10812 affects the BufferedReader.peek function in gptcache/processor/pre.py, which handles cache key generation. The vulnerability stems from the use of weak cryptographic hashing (CWE-327, CWE-328) when processing the input_data["image"] parameter. An authenticated local attacker with elevated privileges can craft malicious image inputs to bypass cache integrity protections. The CVSS 3.1 score of 3.6 (LOW severity) reflects the requirement for local access, high attack complexity, and limited impact scope—though integrity compromise is possible.
Business impact
The primary risk is cache poisoning: an attacker could inject or manipulate cached image data in a shared GPTCache instance, causing subsequent queries to return corrupted or incorrect cached results. In applications relying on GPTCache for multi-tenant or high-volume image processing (e.g., AI-powered content pipelines), this could degrade output quality or trigger downstream errors. However, the local-access requirement significantly limits the attack surface in typical cloud or SaaS deployments.
Affected systems
GPTCache versions up to and including 0.1.44 are affected. The vulnerability resides in the cache key handler component, specifically the image input processing pipeline. Any deployment running vulnerable versions that accepts or processes image data through GPTCache is in scope. Verify your installed version against the official GPTCache releases.
Exploitability
Exploitation requires local system access and authenticated privileges, placing this well outside the reach of remote threat actors. The attack is noted as high complexity, and public exploits are now available—meaning security researchers have published proof-of-concept code or techniques. This combination keeps the practical risk moderate: opportunistic insider threats or compromise of a system where GPTCache is running could exploit this, but it is not a high-velocity attack vector.
Remediation
Upgrade GPTCache to a patched version once available. A fix has been proposed in an open pull request awaiting acceptance by the GPTCache maintainers. Until an official release is available, monitor for updates from zilliztech and apply promptly upon release. Organizations should also review local access controls to limit who can interact with GPTCache instances and restrict image input sources where possible.
Patch guidance
Check the official GPTCache GitHub repository and release notes for version 0.1.45 or later, which is expected to address this issue. Verify the fix against the accepted pull request once merged. No specific patch version can be confirmed at this time; consult the vendor advisory for exact release details. Coordinate patching with your development or data engineering teams, as GPTCache is typically embedded in AI/ML pipelines that may require testing before production rollout.
Detection guidance
Monitor for unexpected modifications to cached image data or integrity failures in cache keys. Audit local system access logs to identify unauthorized attempts to interact with GPTCache directories or processes. Intrusion detection systems should flag suspicious calls to BufferedReader.peek with malformed image_data structures. If you have visibility into GPTCache logs, look for errors or warnings related to hash computation or cache validation on image inputs.
Why prioritize this
Although CVSS score is LOW, this issue should not be dismissed. Public exploits now exist, and cache integrity vulnerabilities can compound if combined with other weaknesses. Prioritize patching in shared or multi-tenant GPTCache deployments, and for systems processing high-value or sensitive image data. Organizations running single-tenant, well-isolated instances with strict local access controls may deprioritize this, but should still plan to patch within a standard maintenance window.
Risk score, explained
The CVSS 3.1 score of 3.6 reflects: (1) local attack vector, eliminating remote exploitation; (2) high attack complexity, requiring non-trivial effort and system knowledge; (3) requirement for authenticated user privileges; (4) limited scope (only cache integrity, not confidentiality or availability across the system). However, the score does not capture the amplification risk if GPTCache is central to a data pipeline or trusted by downstream systems.
Frequently asked questions
What versions of GPTCache are vulnerable?
GPTCache versions up to and including 0.1.44 are affected. Check your installed version with pip show gptcache or in your project dependencies. Upgrade to the latest stable release once a patch is available.
Can this vulnerability be exploited remotely?
No. The attack requires local access to the system and authenticated user privileges. Remote exploitation is not possible, which is why the CVSS score is relatively low.
What should I do if I cannot patch immediately?
Restrict local system access to GPTCache instances, especially for non-administrative users. Validate and sanitize image inputs at the application layer before passing them to GPTCache. Monitor cache behavior and implement integrity checks on retrieved cache entries.
Are there workarounds if I must continue using GPTCache 0.1.44?
Implement application-level validation and logging around image processing calls. Consider isolating GPTCache to a dedicated, access-controlled environment. However, workarounds are not a substitute for patching; plan your upgrade path immediately.
This analysis is provided for informational purposes and reflects information available as of the publication date. CVSS scores and vulnerability severity are based on NIST/vendor assessments and may not reflect risk in all environments. Organizations should conduct their own risk assessment based on system configuration, data sensitivity, and threat landscape. No exploit code is provided or endorsed by SEC.co. Verify all patch and remediation guidance against official vendor advisories before deploying to production. This document does not constitute legal or professional security advice. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10766LOWMLRun DataFrame Hash Weakness (CVSS 3.6)
- CVE-2026-10783LOWWeak Hash in Gradio Audio Cache – Risk Assessment & Patching Guide
- CVE-2026-10800LOWPaddlePaddle FastDeploy Weak Hash Vulnerability
- CVE-2026-10801LOWWeak Hash in ModelScope ms-swift PIL Image Cache
- CVE-2026-10803LOWMLflow Weak Hash Vulnerability in Dataset Digest Computation
- CVE-2026-10804LOWStreamlit Weak Hashing Vulnerability in Palette Handler (CVSS 3.6)
- CVE-2026-10813LOWLMCache Weak Hash Vulnerability in KV Cache Handler
- CVE-2026-10814MEDIUMWeak Hash Implementation in Milvus Grantee ID Handler