EUVD-2026-34242
GHSA-prfw-69r3-wqxf
Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
AnalysisAI
Cache key collision in modelscope ms-swift up to 4.2.0 allows a local, low-privileged attacker to cause PIL image integrity failures via the Template._save_pil_image function in swift/template/base.py. The root cause is that the image cache key was computed by hashing only raw pixel bytes (image.tobytes()), without incorporating image metadata such as dimensions or color mode - meaning two structurally different images (e.g., 120×80 vs 80×120) sharing identical byte payloads produce the same SHA-256 cache key and thus collide to the same cached file path. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local system access with at least low-privileged credentials (CVSS PR:L) - remote unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The overall risk is very low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local, low-privileged user on a system running ms-swift fine-tuning or inference pipelines crafts two PIL images with identical raw pixel byte buffers but different dimensions - for example, 120×80 and 80×120 - so that image.tobytes() produces the same byte sequence for both. When the first image is processed and cached via Template._save_pil_image, the second image resolves to the same cache key and is served the first image's cached file instead of its own, silently corrupting the multimodal model input. … |
| Remediation | Upstream fix available via GitHub pull request #9359 (https://github.com/modelscope/ms-swift/pull/9359); a released patched version is not independently confirmed as the PR awaits acceptance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today