CVE-2026-10800: Use of Weak Hash in PaddlePaddle FastDeploy
A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue.
AI Analysis
Technical Summary
This vulnerability concerns the use of a weak hash algorithm in the hash_features function of the fastdeploy/multimodal/hasher.py file in PaddlePaddle FastDeploy up to version 2.4.1. The weakness could potentially allow an attacker with local access to manipulate the hashing process, though exploitation is difficult and requires high complexity. A patch exists to address this issue, but no official remediation level or patch link is provided in the data. The CVSS 4.0 score is 2 (low), reflecting limited impact and exploitability.
Potential Impact
The impact is limited due to the requirement for local access and the high complexity of exploitation. The weakness in the hash function may affect data integrity or related operations relying on the hash, but no direct impact such as privilege escalation or remote code execution is indicated. No known active exploitation has been reported.
Mitigation Recommendations
Applying the patch identified by commit 374945747652a8d32965591c0c01a00c88b7067f is advised to resolve this vulnerability. Since no official vendor advisory or patch link is provided, users should monitor PaddlePaddle's official channels for the patch release and apply it promptly. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-10800: Use of Weak Hash in PaddlePaddle FastDeploy
Description
A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue.
CVSS v4.0
Score 2.0low
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability concerns the use of a weak hash algorithm in the hash_features function of the fastdeploy/multimodal/hasher.py file in PaddlePaddle FastDeploy up to version 2.4.1. The weakness could potentially allow an attacker with local access to manipulate the hashing process, though exploitation is difficult and requires high complexity. A patch exists to address this issue, but no official remediation level or patch link is provided in the data. The CVSS 4.0 score is 2 (low), reflecting limited impact and exploitability.
Potential Impact
The impact is limited due to the requirement for local access and the high complexity of exploitation. The weakness in the hash function may affect data integrity or related operations relying on the hash, but no direct impact such as privilege escalation or remote code execution is indicated. No known active exploitation has been reported.
Mitigation Recommendations
Applying the patch identified by commit 374945747652a8d32965591c0c01a00c88b7067f is advised to resolve this vulnerability. Since no official vendor advisory or patch link is provided, users should monitor PaddlePaddle's official channels for the patch release and apply it promptly. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-04T04:57:09.234Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a214d96e29bf47b5092323a
Added to database: 6/4/2026, 10:04:06 AM
Last enriched: 6/4/2026, 10:19:25 AM
Last updated: 6/5/2026, 5:06:35 AM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.