CVE-2026-10803

3.6 LOW
Published: June 04, 2026 Modified: June 04, 2026
View on NVD

Description

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/mlflow/mlflow/
Source: cna@vuldb.com
Product
https://github.com/mlflow/mlflow/issues/22419
Source: cna@vuldb.com
Exploit Issue Tracking Mitigation
https://github.com/mlflow/mlflow/pull/22420
Source: cna@vuldb.com
Issue Tracking
https://vuldb.com/cve/CVE-2026-10803
Source: cna@vuldb.com
Third Party Advisory VDB Entry
https://vuldb.com/submit/831462
Source: cna@vuldb.com
Third Party Advisory VDB Entry
https://vuldb.com/vuln/368252
Source: cna@vuldb.com
Third Party Advisory VDB Entry
https://vuldb.com/vuln/368252/cti
Source: cna@vuldb.com
Permissions Required VDB Entry
https://github.com/mlflow/mlflow/issues/22419
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit Issue Tracking Mitigation

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.6 / 10.0
EPSS (Exploit Probability)
0.0%
0th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-327 CWE-328

Affected Vendors

lfprojects

Related CVEs

CVE-2026-9278 N/A
CVE-2026-8935 N/A
CVE-2026-8386 N/A
CVE-2026-8385 N/A
CVE-2026-12223 5.5