CVE-2026-10803
MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash
CVSS Score
3.6
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
| CWE | CWE-328 CWE-327 |
| Vendor | n/a |
| Product | mlflow |
| Published | Jun 4, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a mlflow
Be the first to know when new low vulnerabilities affecting n/a mlflow are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / MLflow
3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10.0
References
vuldb.com: https://vuldb.com/vuln/368252 vuldb.com: https://vuldb.com/vuln/368252/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10803 vuldb.com: https://vuldb.com/submit/831462 github.com: https://github.com/mlflow/mlflow/issues/22419 github.com: https://github.com/mlflow/mlflow/pull/22420 github.com: https://github.com/mlflow/mlflow/
Credits
๐ Dem0 (VulDB User) VulDB CNA Team