CVE-2026-10766
Received Received - Intake
Use of Weak Hash in MLRun DataFrame Hash Handler

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: VulDB

Description
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-04
AI Q&A
2026-06-03
EPSS Evaluated
N/A
NVD
CVE-2026-10766
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mlrun mlrun to 1.12.0-rc3 (inc)
mlrun mlrun to 1.11.0-rc42 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the MLRun project, specifically in the function calculate_dataframe_hash within the DataFrame Hash Handler component. The issue arises because the hashing method used can produce identical hash values for different DataFrames due to collisions caused by ignoring data types and schema differences. This leads to hash collisions where distinct DataFrames may be treated as the same, causing dataset artifact path conflicts.

The root cause is that the previous hashing relied on pandas' internal hashing mechanism, which does not account for dtype or schema metadata, resulting in collisions between DataFrames with different data types or schemas. An attacker with local access could exploit this weakness, although the attack complexity is high and exploitability is difficult.


How can this vulnerability impact me? :

The vulnerability can lead to silent data corruption and dataset artifact path conflicts. Because different DataFrames can produce the same hash, artifacts may overwrite each other or stale data may be read unintentionally.

This can cause integrity risks for authenticated users who have write access to artifacts, potentially resulting in incorrect metadata, data loss, or inconsistent dataset versions.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability relates to the use of a weak hash function in the mlrun.utils.helpers.calculate_dataframe_hash function, which can cause DataFrame hash collisions leading to dataset artifact path conflicts and silent data corruption.

Detection involves identifying if your MLRun installation is using a vulnerable version (up to 1.12.0-rc3) where the hashing method relies on pandas' internal hashing mechanism that does not account for dtype/schema differences.

Since the attack is local and the exploit complexity is high, direct network detection commands are not applicable.

To detect the vulnerability on your system, you can check the MLRun version installed and inspect if the calculate_dataframe_hash function uses the old hashing method.

  • Check MLRun version: `mlrun --version` or inspect the installed package version via `pip show mlrun`.
  • Review the source code of `mlrun/utils/helpers.py` to see if the calculate_dataframe_hash function uses pandas.util.hash_pandas_object without the updated SHA-256 based hashing.
  • Run test cases or scripts that create DataFrames with different dtypes but similar data to see if their hashes collide, indicating the vulnerable hashing method.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating MLRun to a version where the vulnerability is fixed by reworking the calculate_dataframe_hash function to use a SHA-256 hash over stable DataFrame schema metadata combined with separately hashed index and column values.

Since the fix is pending acceptance in a pull request, you can apply the patch manually from the pull request or avoid using the vulnerable function until the fix is merged and released.

  • Apply the fix from the pull request that replaces the weak hash with a SHA-256 based hashing method incorporating schema and dtype information.
  • Restrict local access to the environment where MLRun is running to prevent exploitation, as the attack requires local environment access.
  • Monitor for any unexpected dataset artifact path conflicts or silent data corruption that could indicate exploitation.
  • Plan to upgrade MLRun to a fixed version once the patch is officially released.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability in MLRun involves the use of a weak hash function for DataFrame hashing, which can lead to hash collisions causing dataset artifact path conflicts and silent data corruption.

Such data integrity issues could potentially impact compliance with standards and regulations like GDPR or HIPAA, which require ensuring data accuracy, integrity, and protection against unauthorized alteration.

However, the vulnerability requires local access and has a high attack complexity, which may limit the risk of exploitation.

No explicit information is provided in the available resources about direct effects on compliance with GDPR, HIPAA, or other regulations.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart