CVE-2026-10812

Summary

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.

Affected Software

VendorProductVersion RangeStatus
zilliztechGPTCache0.1.0affected
zilliztechGPTCache0.1.1affected
zilliztechGPTCache0.1.2affected
zilliztechGPTCache0.1.3affected
zilliztechGPTCache0.1.4affected
zilliztechGPTCache0.1.5affected
zilliztechGPTCache0.1.6affected
zilliztechGPTCache0.1.7affected
zilliztechGPTCache0.1.8affected
zilliztechGPTCache0.1.9affected
zilliztechGPTCache0.1.10affected
zilliztechGPTCache0.1.11affected
zilliztechGPTCache0.1.12affected
zilliztechGPTCache0.1.13affected
zilliztechGPTCache0.1.14affected
zilliztechGPTCache0.1.15affected
zilliztechGPTCache0.1.16affected
zilliztechGPTCache0.1.17affected
zilliztechGPTCache0.1.18affected
zilliztechGPTCache0.1.19affected
zilliztechGPTCache0.1.20affected
zilliztechGPTCache0.1.21affected
zilliztechGPTCache0.1.22affected
zilliztechGPTCache0.1.23affected
zilliztechGPTCache0.1.24affected
zilliztechGPTCache0.1.25affected
zilliztechGPTCache0.1.26affected
zilliztechGPTCache0.1.27affected
zilliztechGPTCache0.1.28affected
zilliztechGPTCache0.1.29affected
zilliztechGPTCache0.1.30affected
zilliztechGPTCache0.1.31affected
zilliztechGPTCache0.1.32affected
zilliztechGPTCache0.1.33affected
zilliztechGPTCache0.1.34affected
zilliztechGPTCache0.1.35affected
zilliztechGPTCache0.1.36affected
zilliztechGPTCache0.1.37affected
zilliztechGPTCache0.1.38affected
zilliztechGPTCache0.1.39affected
zilliztechGPTCache0.1.40affected
zilliztechGPTCache0.1.41affected
zilliztechGPTCache0.1.42affected
zilliztechGPTCache0.1.43affected
zilliztechGPTCache0.1.44affected

Weaknesses

  • CWE-328: Use of Weak Hash
  • CWE-327: Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References