
GPTCache EUVD-2026-34272 | CVE-2026-10812 (LOW)
Use of Weak Hash (CWE-328)
2026-06-04 · VulDB · GHSA-xfqj-4cr9-9gr5
CVSS 4.0 (NVD): 1.1

Severity by source

NVD (primary): 1.1 LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD, the only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline (3 events)

  • CVSS changed, Jun 04, 2026 15:22 (NVD): 3.6 (LOW) → 1.1 (LOW)
  • Source Code Evidence Fetched, Jun 04, 2026 14:54 (vuln.today)
  • Analysis Generated, Jun 04, 2026 14:54 (vuln.today)

Description (CVE.org)

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.

Analysis (AI)

Cache poisoning in zilliztech GPTCache (up to version 0.1.44) allows a local, low-privileged attacker to corrupt LLM response cache entries by exploiting weak image fingerprinting in the Cache Key Handler. The BufferedReader.peek() method in gptcache/processor/pre.py only reads the first ~8192 bytes of an image file to construct a cache key, meaning two distinct images sharing an identical header prefix generate the same cache key and collide. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Gain local low-privilege access to GPTCache host
  • Delivery: Craft img_B with 8192-byte header identical to target img_A
  • Exploit: Submit img_A query to populate cache entry
  • Install: Submit img_B query with same question
  • C2: peek() returns identical prefix; cache key collides
  • Execute: GPTCache serves img_A cached response for img_B query
  • Impact: LLM response cache poisoned

Vulnerability Assessment (AI)

Exploitation: Exploitation requires local system access with at least low-level user privileges, as confirmed by the CVSS vector AV:L/PR:L; remote unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 base score of 3.6 (Low) reflects genuine real-world constraints: the attack vector is local (AV:L), complexity is high (AC:H), and low-privilege authentication is required (PR:L), with no confidentiality impact (C:N) and only limited integrity and availability impact (I:L/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison is available after sign-in.

Exploit Scenario: A local user with low-privilege system access to a host running GPTCache with image-based query processing first submits a legitimate image (img_A) paired with a question, which GPTCache caches along with the LLM's response. The attacker then constructs img_B, a different image with an identical first 8192 bytes (e.g., the same JPEG SOI/APP0 marker sequence padded to fill the buffer) but divergent payload content, and submits it with the same question. …

Remediation: The upstream fix is available as pull request #678 (https://github.com/zilliztech/GPTCache/pull/678), which replaces all `peek()`-based image fingerprinting with a full-file SHA-256 hash via the new `_hash_file()` helper. … Detailed patch versions, workarounds, and compensating controls are in the full report.
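To make the weakness and its fix concrete, the following is an added example written for this page (not GPTCache's code and not the PR #678 patch): it contrasts a cache key derived only from what `BufferedReader.peek()` returns with a full-file SHA-256 key, and checks both against two constructed files that share an 8192-byte prefix. The function names, the `tail-A`/`tail-B` sample bytes and the use of SHA-256 for the weak variant are assumptions; the point is that truncating the hashed input, not the digest algorithm, causes the collision.

```python
import hashlib
import os
import tempfile

PEEK_SIZE = 8192  # prefix length the advisory says peek() fingerprints


def weak_image_key(path: str) -> str:
    """Vulnerable pattern (reconstructed from the advisory, not GPTCache's
    code): the key covers only what BufferedReader.peek() returns, so two
    files that share their first PEEK_SIZE bytes get the same cache key."""
    with open(path, "rb") as f:  # open(..., "rb") returns a BufferedReader
        prefix = f.peek(PEEK_SIZE)[:PEEK_SIZE]
    return hashlib.sha256(prefix).hexdigest()


def strong_image_key(path: str, chunk_size: int = 1 << 16) -> str:
    """Hardened pattern: stream the whole file through SHA-256, the approach
    the advisory attributes to PR #678's _hash_file() (our own version)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def make_sample_files(tmpdir: str) -> tuple[str, str]:
    """Constructed inputs: two files with an identical PEEK_SIZE-byte prefix
    (JPEG-looking SOI/APP0 start plus padding) and different tails.
    They are not real images."""
    shared_prefix = b"\xff\xd8\xff\xe0" + b"\x00" * (PEEK_SIZE - 4)
    path_a = os.path.join(tmpdir, "img_a.bin")
    path_b = os.path.join(tmpdir, "img_b.bin")
    with open(path_a, "wb") as f:
        f.write(shared_prefix + b"tail-A")
    with open(path_b, "wb") as f:
        f.write(shared_prefix + b"tail-B")
    return path_a, path_b


def keys_collide(key_fn, path_a: str, path_b: str) -> bool:
    """Regression check: does key_fn give one cache key for two distinct files?"""
    return key_fn(path_a) == key_fn(path_b)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        a, b = make_sample_files(d)
        return {"weak_collides": keys_collide(weak_image_key, a, b),
                "strong_collides": keys_collide(strong_image_key, a, b)}
```

Running `demo()` returns `{"weak_collides": True, "strong_collides": False}`; the same `keys_collide` check can be kept as a unit test so a later refactor cannot silently reintroduce prefix-only keying.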


EUVD-2026-34272 vulnerability details – vuln.today
