CVE-2026-7845
Weak Hash Usage in Langchain-Chatchat Vision Chat Paste Image Handler
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chatchat-space | langchain-chatchat | up to and including 0.3.1.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
| CWE-328 | The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7845 is a vulnerability in Langchain-Chatchat versions up to 0.3.1.3 that arises from the use of the PIL.Image.tobytes() method to compute MD5 hashes for filenames of pasted images in vision chat dialogues.
The tobytes() method only serializes the raw pixel data of an image, ignoring important metadata such as image dimensions, mode, palette data, and transparency. This allows an attacker to create two visually different PNG images in Palette mode that produce identical tobytes() outputs, resulting in the same MD5 hash and filename.
In a multi-tenant environment where attacker and victim share the same service, the attacker can upload a specially crafted image that overwrites the victim's image file on the server without guessing filenames.
When the language model later fetches the image, it retrieves the attacker's image instead of the victim's, causing incorrect or manipulated responses.
The vulnerability requires the attacker to be on the local network and is considered difficult to exploit.
How can this vulnerability impact me?
This vulnerability can allow an attacker sharing the same multi-tenant Langchain-Chatchat service to overwrite image files uploaded by other users.
As a result, the language model may process and respond based on manipulated or incorrect images supplied by the attacker instead of the legitimate images.
This can lead to misinformation, incorrect outputs, or potentially malicious manipulation of the chat system's behavior.
The attack requires local network presence and is complex to execute, but the exploit has been published and may be used.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the affected Langchain-Chatchat version (up to 0.3.1.3) is in use and if the vulnerable code uses PIL.Image.tobytes() to compute MD5 hashes for pasted images in the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py around line 278.
To detect exploitation attempts on your system or network, you can monitor for unusual file overwrites or collisions of image filenames on the server, especially in multi-tenant environments where multiple users upload images.
Suggested commands to help detect the vulnerability or exploitation attempts include:
- Check the installed version of Langchain-Chatchat: `pip show langchain-chatchat` or inspect the application version directly.
- Search for the vulnerable code pattern in the source: `grep -n 'tobytes()' libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py`
- Monitor server logs or file system events for unexpected overwrites of image files, for example using `inotifywait` on Linux: `inotifywait -m /path/to/image/storage -e modify,create`
- Check for suspicious image files with identical MD5 hashes but different visual content by computing hashes on stored images: `md5sum /path/to/images/*` and visually inspecting collisions.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Upgrade Langchain-Chatchat to a version where the vulnerability is fixed by hashing the complete PNG byte stream including metadata using SHA-256 instead of using PIL.Image.tobytes() and MD5.
- If an upgrade is not immediately possible, apply a patch to the vulnerable code to replace the MD5 hash of the raw pixel data with a SHA-256 hash of the full PNG byte stream saved to a buffer.
- Restrict access to the multi-tenant environment to trusted users only, as the attack requires local network presence and multi-tenant sharing.
- Monitor and audit image uploads for suspicious collisions or overwrites.
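The change described in the mitigation steps can be checked with a small regression test. This is an added example, not the project's code or its actual patch: the function names `legacy_name`, `hardened_name`, `make_image` and `naming_report` are hypothetical, the test images are constructed, and Pillow is assumed to be installed.

```python
import hashlib
import io

from PIL import Image  # Pillow, the library whose tobytes() the advisory names


def legacy_name(img):
    """Scheme described in the advisory: MD5 over raw pixel bytes only."""
    return hashlib.md5(img.tobytes()).hexdigest() + ".png"


def hardened_name(img):
    """Described mitigation: SHA-256 over the complete encoded PNG stream."""
    buf = io.BytesIO()
    img.save(buf, format="PNG")  # IHDR (size, mode) and PLTE (palette) included
    return hashlib.sha256(buf.getvalue()).hexdigest() + ".png"


def make_image(size, colours):
    """Constructed palette-mode test image; pixel bytes are palette indices."""
    img = Image.frombytes("P", size, bytes([0, 1, 1, 0]))
    flat = [channel for rgb in colours for channel in rgb]
    img.putpalette(flat + [0] * (768 - len(flat)))  # pad to 256 RGB entries
    return img


def naming_report():
    images = [
        make_image((2, 2), [(0, 0, 0), (255, 255, 255)]),  # black / white
        make_image((2, 2), [(255, 0, 0), (0, 0, 255)]),    # same indices, other palette
        make_image((4, 1), [(0, 0, 0), (255, 255, 255)]),  # same indices, other shape
    ]
    return {
        "rendered_differs": images[0].convert("RGB").tobytes()
        != images[1].convert("RGB").tobytes(),
        "legacy_distinct": len({legacy_name(i) for i in images}),
        "hardened_distinct": len({hardened_name(i) for i in images}),
    }


if __name__ == "__main__":
    print(naming_report())
```

The three images share one filename under the pixel-only scheme and get three different filenames once the palette and dimensions are part of the hashed bytes.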
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an attacker to overwrite image files on the server by exploiting hash collisions, potentially causing the system to process incorrect images. This could lead to data integrity issues and unauthorized data manipulation in multi-tenant environments.
Such data integrity and security weaknesses may impact compliance with standards and regulations like GDPR and HIPAA, which require protection against unauthorized data alteration and ensuring data accuracy and integrity.
However, the provided information does not explicitly discuss the direct impact on compliance with these regulations.