Vulnerability DatabaseCVE-2026-10800
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-10800
Published:June 04, 2026
Updated:June 07, 2026
A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue.
Related Resources (8)
https://vuldb.com/cve/CVE-2026-10800
https://github.com/PaddlePaddle/FastDeploy/commit/374945747652a8d32965591c0c01a00c88b7067f
https://github.com/PaddlePaddle/FastDeploy/
https://github.com/PaddlePaddle/FastDeploy/pull/7185
https://vuldb.com/vuln/368249/cti
https://vuldb.com/submit/831452
https://vuldb.com/vuln/368249
https://github.com/PaddlePaddle/FastDeploy/issues/7196
Do you need more information?
Contact Us
CVSS v4
Base Score:
2
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
NOT DEFINED
CVSS v3
Base Score:
3.6
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW
Exploit Maturity
NOT DEFINED
Weakness Type (CWE)
Use of a Broken or Risky Cryptographic Algorithm
CWE-327
Use of Weak Hash
CWE-328
EPSS
Base Score:
0.01