A flaw has been found in LMCache up to 0.4.6. This affects the function hexhashto_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10813.json",
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-327",
"CWE-328"
]
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "0.4.0"
},
{
"last_affected": "0.4.0"
},
{
"introduced": "0.4.1"
},
{
"last_affected": "0.4.1"
},
{
"introduced": "0.4.2"
},
{
"last_affected": "0.4.2"
},
{
"introduced": "0.4.3"
},
{
"last_affected": "0.4.3"
},
{
"introduced": "0.4.4"
},
{
"last_affected": "0.4.4"
},
{
"introduced": "0.4.5"
},
{
"last_affected": "0.4.5"
},
{
"introduced": "0.4.6"
},
{
"last_affected": "0.4.6"
}
]
}