LOW 3.6

CVE-2026-10813: LMCache Weak Hash Vulnerability in KV Cache Handler

LMCache versions up to 0.4.6 contain a cryptographic weakness in the KV Cache Handler component, specifically in how it converts hash values to integers. An attacker with local system access could manipulate this weak hash function to potentially compromise data integrity or availability. However, exploiting this requires significant technical complexity and local access privileges, limiting its practical risk in most environments.

Source data · NVD / CISA · public domain

CVSS
3.1 · 3.6 LOW · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Weaknesses (CWE)
CWE-327, CWE-328
Affected products
0 configuration(s)
Published / Modified
2026-06-04 / 2026-06-17

NVD description (verbatim)

A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

7 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-10813 involves improper cryptographic hash handling in the hex_hash_to_int16 function within lmcache/integration/vllm/utils.py. The vulnerability allows manipulation of hash values through the KV (key-value) cache handler, leading to use of weak or predictable hashing. The attack surface is local-only, requires low-level privileges, and demands high attack complexity. This maps to CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and CWE-328 (Use of Insufficiently Random Values).

Business impact

The integrity of cached key-value pairs in LLM inference pipelines could be compromised, potentially leading to incorrect model outputs or denial of service in compute-intensive workloads. For organizations deploying LMCache in multi-tenant or sensitive inference scenarios, this could affect model reliability and data consistency. The local-only requirement and high complexity threshold mean impact is confined to insider threats or supply-chain scenarios rather than broad external risk.

Affected systems

LMCache through version 0.4.6 is affected. The vulnerability resides in the KV Cache Handler component used during vLLM integration. Any deployment using LMCache for optimization of large language model inference with version 0.4.6 or earlier is in scope. Verify your LMCache version via pip show lmcache or your deployment manifests.

Exploitability

Exploitation requires local system access, authenticated user privileges, and substantial technical knowledge of the cache internals and cryptographic logic. Public exploit code exists but weaponization remains non-trivial due to high attack complexity. The barrier to exploitation effectively limits this threat to privileged insiders, compromised development environments, or targeted attacks rather than mass exploitation campaigns.

Remediation

Upgrade LMCache to a patched version released after June 2026 that includes the accepted pull request fixing the hex_hash_to_int16 function. Organizations should verify patch availability from the LMCache project maintainers before upgrading. Until patching is possible, restrict local system access to LMCache deployments and monitor for unauthorized hash manipulation attempts.

Patch guidance

A pull request addressing this vulnerability is under acceptance review. Monitor the LMCache repository (verify against the vendor advisory) for release of a patched version beyond 0.4.6. Apply the update promptly to all LMCache installations, particularly in environments handling sensitive inference workloads. Test patched versions in non-production environments first to ensure compatibility with your vLLM deployment.

Detection guidance

Monitor system logs for local user access to LMCache processes and the vllm/utils.py module. Implement integrity checking on the KV cache storage layer to detect unexplained hash value changes. In development environments, enforce code review practices for any modifications to cryptographic functions. Consider canary deployments or anomaly detection on cache hit/miss ratios as an indirect signal of hash manipulation.

Why prioritize this

While this vulnerability carries a low CVSS score (3.6), it should not be deprioritized entirely. The combination of published exploit code, weak cryptography, and integrity impact warrants inclusion in patch cycles. However, organizations without multi-tenant LMCache deployments or strict data integrity requirements may defer this below critical infrastructure vulnerabilities. Prioritize if: (1) you run inference services on shared systems, (2) you have privileged users with security concerns, or (3) cache integrity is audit-relevant.

Risk score, explained

The CVSS 3.1 score of 3.6 (LOW) reflects: local-only attack vector (AV:L), high attack complexity (AC:H), low privilege requirement (PR:L), no user interaction needed (UI:N), single security zone (S:U), no confidentiality impact (C:N), but integrity and availability impacts (I:L, A:L). The score appropriately downgrades risk due to access and complexity barriers; however, the existence of public exploits elevates practical concern slightly above the numerical rating.

Frequently asked questions

Do I need to patch immediately if I use LMCache?

If your LMCache deployment is restricted to single-user development or testing environments, patching can be scheduled normally. Prioritize patching if you run shared, multi-tenant, or production inference services where cache integrity is critical or where multiple users have local access.

What is the actual attack scenario for this vulnerability?

An attacker with local user access to a system running LMCache could craft inputs that exploit the weak hash function in the KV Cache Handler, potentially corrupting cached key-value pairs and causing incorrect inference results or service disruption. This is primarily an insider or compromised environment threat.

Does this affect my model's security or my data security?

This affects cache integrity during inference, not the model or training data themselves. Corrupted caches lead to wrong answers or crashes, not data exfiltration. However, in systems where inference output feeds downstream decisions, integrity compromise could have indirect consequences.

How do I know if I'm vulnerable?

Run 'pip show lmcache' and check the version. If it reports 0.4.6 or earlier, you are affected. Verify your vLLM integration by confirming that the hex_hash_to_int16 function in lmcache/integration/vllm/utils.py has not been manually patched.

This analysis is based on publicly disclosed vulnerability data as of June 2026. Patch availability and version information should be verified directly with the LMCache project maintainers and official security advisories. CVSS scores reflect standardized severity ratings but do not replace risk assessment specific to your environment. No exploit code or weaponization details are provided. Organizations should conduct their own threat modeling before prioritizing remediation. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).