CVE-2026-10803

CVSS v2.0

2.4

Low

Vector

AV:L/AC:H/Au:S/C:N/I:P/A:P

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest utils of the file mlflow/data/digest utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

Exploit

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-328CWE-327

Related Identifiers

CVE-2026-10803

Affected Products

Undefined

CVE-2026-10803

Weakness Enumeration

Related Identifiers

Affected Products

References · 8