CVE-2026-10766

CVSS v3.1

3.6

Low

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate dataframe hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

Exploit

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-328CWE-327

Related Identifiers

CVE-2026-10766

Affected Products

Undefined

CVE-2026-10766

Weakness Enumeration

Related Identifiers

Affected Products

References · 8