CVE-2026-10804

Exploit

EPSS 0.08%
Veröffentlicht 04.06.2026 12:00:14
Zuletzt bearbeitet 10.06.2026 17:47:27
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Streamlit Palette hashing.py weak hash

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Snowflake ≫ Streamlit Version <= 1.53.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.004

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
cna@vuldb.com	1.1	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.6	1	2.5	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
cna@vuldb.com	2.4	1.5	4.9	AV:L/AC:H/Au:S/C:N/I:P/A:P

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

https://vuldb.com/vuln/368253

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/368253/cti

VDB Entry

Permissions Required

https://vuldb.com/cve/CVE-2026-10804

Third Party Advisory

VDB Entry

https://vuldb.com/submit/831508

Third Party Advisory

VDB Entry

https://github.com/streamlit/streamlit/issues/14622

Patch

Issue Tracking

Mitigation

https://github.com/streamlit/streamlit/pull/14635

Patch

Issue Tracking

https://github.com/streamlit/streamlit/

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-10804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-10804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-10804

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-10804