CVE-2026-10801

Source
https://cve.org/CVERecord?id=CVE-2026-10801
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10801.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10801
Published
2026-06-04T11:00:13.074Z
Modified
2026-07-08T07:33:16.220805658Z
Severity
  • 1.1 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash
Details

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10801.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-327",
        "CWE-328"
    ]
}
References

Affected packages

Git / github.com/modelscope/ms-swift

Affected ranges

Type
GIT
Repo
https://github.com/modelscope/ms-swift
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "4.0"
        },
        {
            "last_affected": "4.0"
        },
        {
            "introduced": "4.1"
        },
        {
            "last_affected": "4.1"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "last_affected": "4.2.0"
        }
    ]
}

Affected versions

4.*
4.0
4.1
4.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10801.json"