CVE-2026-7845

Name of the Vulnerable Software and Affected Versions Langchain-Chatchat versions prior to 0.3.1.4

Description A flaw in the Vision Chat Paste Image Handler component allows for the use of a weak hash. This occurs during the manipulation of the paste image.image data argument within the PIL.Image.tobytes() function located in the libs/chatchat-server/chatchat/webui pages/dialogue/dialogue.py file. Exploitation requires the attacker to be present on the local network and is characterized by high complexity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the PIL.Image.tobytes() function or the Vision Chat Paste Image Handler component to minimize the risk of exploitation.