CVE-2026-10766
mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash
CVSS Score
3.6
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-328 CWE-327 |
| Vendor | n/a |
| Product | mlrun |
| Published | Jun 3, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a mlrun
Be the first to know when new low vulnerabilities affecting n/a mlrun are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / mlrun
1.12.0-rc1 1.12.0-rc2 1.12.0-rc3
References
vuldb.com: https://vuldb.com/vuln/368136 vuldb.com: https://vuldb.com/vuln/368136/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10766 vuldb.com: https://vuldb.com/submit/831419 github.com: https://github.com/mlrun/mlrun/issues/9691 github.com: https://github.com/mlrun/mlrun/pull/9692 github.com: https://github.com/mlrun/mlrun/
Credits
๐ Dem0 (VulDB User) VulDB CNA Team