CVE-2026-14738

Summary

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Affected Software

VendorProductVersion RangeStatus
exo-exploreexo1.0.0affected
exo-exploreexo1.0.1affected
exo-exploreexo1.0.2affected
exo-exploreexo1.0.3affected
exo-exploreexo1.0.4affected
exo-exploreexo1.0.5affected
exo-exploreexo1.0.6affected
exo-exploreexo1.0.7affected
exo-exploreexo1.0.8affected
exo-exploreexo1.0.9affected
exo-exploreexo1.0.10affected
exo-exploreexo1.0.11affected
exo-exploreexo1.0.12affected
exo-exploreexo1.0.13affected
exo-exploreexo1.0.14affected
exo-exploreexo1.0.15affected
exo-exploreexo1.0.16affected
exo-exploreexo1.0.17affected
exo-exploreexo1.0.18affected
exo-exploreexo1.0.19affected
exo-exploreexo1.0.20affected
exo-exploreexo1.0.21affected
exo-exploreexo1.0.22affected
exo-exploreexo1.0.23affected
exo-exploreexo1.0.24affected
exo-exploreexo1.0.25affected
exo-exploreexo1.0.26affected
exo-exploreexo1.0.27affected
exo-exploreexo1.0.28affected
exo-exploreexo1.0.29affected
exo-exploreexo1.0.30affected
exo-exploreexo1.0.31affected
exo-exploreexo1.0.32affected
exo-exploreexo1.0.33affected
exo-exploreexo1.0.34affected
exo-exploreexo1.0.35affected
exo-exploreexo1.0.36affected
exo-exploreexo1.0.37affected
exo-exploreexo1.0.38affected
exo-exploreexo1.0.39affected
exo-exploreexo1.0.40affected
exo-exploreexo1.0.41affected
exo-exploreexo1.0.42affected
exo-exploreexo1.0.43affected
exo-exploreexo1.0.44affected
exo-exploreexo1.0.45affected
exo-exploreexo1.0.46affected
exo-exploreexo1.0.47affected
exo-exploreexo1.0.48affected
exo-exploreexo1.0.49affected
exo-exploreexo1.0.50affected
exo-exploreexo1.0.51affected
exo-exploreexo1.0.52affected
exo-exploreexo1.0.53affected
exo-exploreexo1.0.54affected
exo-exploreexo1.0.55affected
exo-exploreexo1.0.56affected
exo-exploreexo1.0.57affected
exo-exploreexo1.0.58affected
exo-exploreexo1.0.59affected
exo-exploreexo1.0.60affected
exo-exploreexo1.0.61affected
exo-exploreexo1.0.62affected
exo-exploreexo1.0.63affected
exo-exploreexo1.0.64affected
exo-exploreexo1.0.65affected
exo-exploreexo1.0.66affected
exo-exploreexo1.0.67affected
exo-exploreexo1.0.68affected
exo-exploreexo1.0.69affected
exo-exploreexo1.0.70affected
exo-exploreexo1.0.71affected

Weaknesses

  • CWE-328: Use of Weak Hash
  • CWE-327: Risky Cryptographic Algorithm

References