CVE-2026-7845
Deferred Deferred - Pending Action
Weak Hash Usage in Langchain-Chatchat Vision Chat Paste Image Handler

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: VulDB

Description
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste_image.image_data causes use of weak hash. The attacker needs to be present on the local network. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7845
EUVD
EUVD-2026-27390
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chatchat-space langchain-chatchat to 0.3.1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7845 is a vulnerability in Langchain-Chatchat versions up to 0.3.1.3 that arises from the use of the PIL.Image.tobytes() method to compute MD5 hashes for filenames of pasted images in vision chat dialogues.

The tobytes() method only serializes the raw pixel data of an image, ignoring important metadata such as image dimensions, mode, palette data, and transparency. This allows an attacker to create two visually different PNG images in Palette mode that produce identical tobytes() outputs, resulting in the same MD5 hash and filename.

In a multi-tenant environment where attacker and victim share the same service, the attacker can upload a specially crafted image that overwrites the victim's image file on the server without guessing filenames.

When the language model later fetches the image, it retrieves the attacker's image instead of the victim's, causing incorrect or manipulated responses.

The vulnerability requires the attacker to be on the local network and is considered difficult to exploit.

Impact Analysis

This vulnerability can allow an attacker sharing the same multi-tenant Langchain-Chatchat service to overwrite image files uploaded by other users.

As a result, the language model may process and respond based on manipulated or incorrect images supplied by the attacker instead of the legitimate images.

This can lead to misinformation, incorrect outputs, or potentially malicious manipulation of the chat system's behavior.

The attack requires local network presence and is complex to execute, but the exploit has been published and may be used.

Detection Guidance

This vulnerability can be detected by checking if the affected Langchain-Chatchat version (up to 0.3.1.3) is in use and if the vulnerable code uses PIL.Image.tobytes() to compute MD5 hashes for pasted images in the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py around line 278.

To detect exploitation attempts on your system or network, you can monitor for unusual file overwrites or collisions of image filenames on the server, especially in multi-tenant environments where multiple users upload images.

Suggested commands to help detect the vulnerability or exploitation attempts include:

  • Check the installed version of Langchain-Chatchat: `pip show langchain-chatchat` or inspect the application version directly.
  • Search for the vulnerable code pattern in the source: `grep -n 'tobytes()' libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py`
  • Monitor server logs or file system events for unexpected overwrites of image files, for example using `inotifywait` on Linux: `inotifywait -m /path/to/image/storage -e modify,create`
  • Check for suspicious image files with identical MD5 hashes but different visual content by computing hashes on stored images: `md5sum /path/to/images/*` and visually inspecting collisions.
Mitigation Strategies

Immediate mitigation steps include:

  • Upgrade Langchain-Chatchat to a version where the vulnerability is fixed by hashing the complete PNG byte stream including metadata using SHA-256 instead of using PIL.Image.tobytes() and MD5.
  • If an upgrade is not immediately possible, apply a patch to the vulnerable code to replace the MD5 hash of the raw pixel data with a SHA-256 hash of the full PNG byte stream saved to a buffer.
  • Restrict access to the multi-tenant environment to trusted users only, as the attack requires local network presence and multi-tenant sharing.
  • Monitor and audit image uploads for suspicious collisions or overwrites.
Compliance Impact

The vulnerability allows an attacker to overwrite image files on the server by exploiting hash collisions, potentially causing the system to process incorrect images. This could lead to data integrity issues and unauthorized data manipulation in multi-tenant environments.

Such data integrity and security weaknesses may impact compliance with standards and regulations like GDPR and HIPAA, which require protection against unauthorized data alteration and ensuring data accuracy and integrity.

However, the provided information does not explicitly discuss the direct impact on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7845. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart