CVE-2026-10804
Streamlit Palette hashing.py weak hash
CVSS Score
3.6
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-328 CWE-327 |
| Vendor | n/a |
| Product | streamlit |
| Published | Jun 4, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a streamlit
Be the first to know when new low vulnerabilities affecting n/a streamlit are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Streamlit
1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 1.23 1.24 1.25 1.26 1.27 1.28 1.29 1.30 1.31 1.32 1.33 1.34 1.35 1.36 1.37 1.38 1.39 1.40 1.41 1.42 1.43 1.44 1.45 1.46 1.47 1.48 1.49 1.50 1.51 1.52 1.53.0
References
vuldb.com: https://vuldb.com/vuln/368253 vuldb.com: https://vuldb.com/vuln/368253/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10804 vuldb.com: https://vuldb.com/submit/831508 github.com: https://github.com/streamlit/streamlit/issues/14622 github.com: https://github.com/streamlit/streamlit/pull/14635 github.com: https://github.com/streamlit/streamlit/
Credits
๐ Dem0 (VulDB User) VulDB CNA Team