Skip to main content

mlrun CVE-2026-10766

| EUVDEUVD-2026-34177 LOW
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2026-06-03 cna@vuldb.com GHSA-phx2-3w66-h4pw
1.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.1 LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 03, 2026 - 20:34 vuln.today
Analysis Generated
Jun 03, 2026 - 20:34 vuln.today

DescriptionCVE.org

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

SHA-1 hash collisions in mlrun's DataFrame Hash Handler allow a local authenticated user to corrupt dataset artifact integrity in ML pipelines up to version 1.12.0-rc3. The calculate_dataframe_hash function in mlrun/utils/helpers.py uses SHA-1 over raw pandas hash bytes without encoding type or schema information, meaning structurally distinct DataFrames - differing only in column dtype (e.g., bool vs int, int8 vs int64, datetime64[ns] vs int64) - produce identical hashes. Publicly available exploit code exists (disclosed via GitHub issue #9691 and PR #9692 with concrete collision test cases); no active exploitation is confirmed in CISA KEV.

Technical ContextAI

mlrun is an open-source MLOps framework for managing ML pipelines, experiments, and dataset artifacts. The vulnerable function calculate_dataframe_hash in mlrun/utils/helpers.py computes artifact identifiers using hashlib.sha1(pandas.util.hash_pandas_object(dataframe).values).hexdigest(). CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) applies for two compounding reasons: first, SHA-1 is cryptographically deprecated and collision-prone; second, the implementation feeds raw numpy byte arrays from pandas.util.hash_pandas_object directly into SHA-1 with no schema or dtype metadata, so pandas' internal hash function treats different dtypes identically at the byte level. The PR #9692 fix replaces SHA-1 with SHA-256 and introduces schema-aware hashing that encodes column names, dtypes, dtype reprs, and index structure as a JSON schema prefix before hashing values - closing both the algorithm weakness and the type-confusion collision path. No CPE string is provided in available data.

RemediationAI

No vendor-released patched version has been confirmed at time of analysis - the fix is pending acceptance via GitHub pull request #9692 (https://github.com/mlrun/mlrun/pull/9692). Users should monitor that PR for merge and apply the resulting release once available. As a compensating control, operators running mlrun pipelines with dataset artifact deduplication should avoid workflows where DataFrames sharing identical raw values but differing dtypes (e.g., boolean vs integer columns, int8 vs int64, datetime64[ns] vs int64) are registered as artifacts - these are the documented collision patterns. There is no in-place workaround to replace the SHA-1 implementation without applying the patch, as the function is internal to the framework. Organizations with strict ML reproducibility requirements may consider pinning to a release once PR #9692 is merged and tagged.

Share

CVE-2026-10766 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy