CVE-2026-10813: Use of Weak Hash in LMCache
A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
AI Analysis
Technical Summary
This vulnerability in LMCache (up to version 0.4.6) affects the hex_hash_to_int16 function in the lmcache/integration/vllm/utils.py file, where a weak hash function is used. This flaw could potentially be manipulated locally by an attacker with a high skill level. The exploitability is considered difficult, and while an exploit has been published, no official patch or remediation has been released yet. The issue is tracked as CVE-2026-10813 with a CVSS 4.0 base score of 2.0, indicating low severity.
Potential Impact
The impact is limited due to the requirement for local access and high complexity of exploitation. The use of a weak hash may affect the integrity or security of the KV Cache Handler component, but no direct remote exploitation or widespread impact is indicated. No known exploits are reported in the wild, and the overall severity is low.
Mitigation Recommendations
No official patch or remediation is currently available, as the pull request to fix the issue is awaiting acceptance. Users should monitor the vendor or project repository for updates and apply the fix once it is officially released. Given the difficulty of exploitation and the local access requirement, urgent action is not necessary, but vigilance is advised.
CVSS v4.0
Score: 2.0 (low)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-06-04T05:34:15.425Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a219e6ae29bf47b50b4473d
Added to database: 6/4/2026, 3:48:58 PM
Last enriched: 6/4/2026, 4:04:21 PM
Last updated: 6/5/2026, 4:57:28 AM