CVE-2026-10801

LOW 3.6

modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

CVSS Score

3.6

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

CWE	CWE-328 CWE-327
Vendor	modelscope
Product	ms-swift
Published	Jun 4, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for modelscope ms-swift

Be the first to know when new low vulnerabilities affecting modelscope ms-swift are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

modelscope / ms-swift

4.0 4.1 4.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/368250 vuldb.com: https://vuldb.com/vuln/368250/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10801 vuldb.com: https://vuldb.com/submit/831455 vuldb.com: https://vuldb.com/submit/831456 github.com: https://github.com/modelscope/ms-swift/issues/9360 github.com: https://github.com/modelscope/ms-swift/pull/9359 github.com: https://github.com/modelscope/ms-swift/

Credits

🔍 Dem0 (VulDB User) VulDB CNA Team