Skip to main content

Dask

3 CVEs product

Monthly

CVE-2026-10705 LOW PATCH Monitor

Resource exhaustion in Dask up to version 3.0 allows authenticated remote attackers to trigger excessive resource consumption via the `nunique_approx` function in the HyperLogLog (HLL) handler component. The root cause is a HashDoS vulnerability - adversarially crafted string or object-type input values can be engineered to collide within the 32-bit hash space used for approximate distinct counting and shuffle partitioning, causing partition hotspotting and disproportionate CPU/memory load on worker nodes. No public exploit code exists at time of analysis, and the CVSS score of 3.1 (Low) with AC:H and A:L confirms limited real-world availability impact absent a targeted, high-complexity effort.

Denial Of Service Dask
NVD VulDB GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-23528 PyPI MEDIUM PATCH This Month

Dask distributed is a distributed task scheduler for Dask. [CVSS 6.1 MEDIUM]

Linux Python AI / ML Dask
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2021-42343 PyPI CRITICAL PATCH Act Now

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE Dask
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Resource exhaustion in Dask up to version 3.0 allows authenticated remote attackers to trigger excessive resource consumption via the `nunique_approx` function in the HyperLogLog (HLL) handler component. The root cause is a HashDoS vulnerability - adversarially crafted string or object-type input values can be engineered to collide within the 32-bit hash space used for approximate distinct counting and shuffle partitioning, causing partition hotspotting and disproportionate CPU/memory load on worker nodes. No public exploit code exists at time of analysis, and the CVSS score of 3.1 (Low) with AC:H and A:L confirms limited real-world availability impact absent a targeted, high-complexity effort.

Denial Of Service Dask
NVD VulDB GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Dask distributed is a distributed task scheduler for Dask. [CVSS 6.1 MEDIUM]

Linux Python AI / ML +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE Dask
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy