CVE-2026-10705

Name of the Vulnerable Software and Affected Versions dask versions prior to 3.1

Description A flaw in the HLL Handler component allows for remote resource consumption. The issue is located within the nunique approx() function in the dask/dataframe/hyperloglog.py file. Exploitation is considered difficult and requires a high degree of complexity.

Recommendations As a temporary workaround, consider restricting the use of the nunique approx() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.