CVE-2026-10801
Deferred Deferred - Pending Action
Weak Hash in MS-Swift PIL Image Cache Key Handler

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: VulDB

Description
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-10801
EUVD
EUVD-2026-34242
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
modelscope ms-swift to 4.2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10801 is a security vulnerability in the modelscope ms-swift framework affecting the function Template._save_pil_image in the PIL Image Cache Key Handler. The vulnerability arises because the cache key for images is generated using only the raw pixel bytes of the image, ignoring important metadata such as image mode, width, and height. This causes different images that share the same pixel data but have different dimensions to produce identical cache keys, leading to cache collisions.

As a result, the system may reuse cached image files incorrectly, causing images with different dimensions to be treated as the same image. This can lead to incorrect image data being used during processing. The vulnerability requires local access and a high degree of complexity to exploit. A fix has been proposed that modifies the hash calculation to include image mode, width, and height along with the pixel bytes to ensure unique cache keys for different images.

Impact Analysis

This vulnerability can impact you by causing incorrect image data to be used during multimodal inference or training processes within the ms-swift framework. Specifically, because different images with the same pixel bytes but different dimensions share the same cache key, the system might reuse a cached image incorrectly.

This can lead to inaccurate or corrupted results in applications relying on image data, such as machine learning model training or inference involving images. The impact is limited by the need for local access and the high complexity of the attack, but it may still cause subtle errors or inconsistencies in image processing workflows.

Detection Guidance

This vulnerability can be detected by verifying if the ms-swift installation uses the vulnerable version up to 4.2.0 where the Template._save_pil_image function generates cache keys using only the raw pixel bytes without including image mode, width, and height. A practical detection method is to reproduce the cache key collision by creating two RGB images from the same raw bytes but with different dimensions (e.g., 120x80 and 80x120), saving them using the same cache directory, and checking if they produce the same cache path.

Commands to detect the issue could involve using Python scripts with the PIL library to create such images and observe cache behavior. For example, a script that creates two images with identical pixel data but different dimensions and saves them via the ms-swift Template._save_pil_image function, then checks if the cache paths collide.

  • Use Python with PIL to create two images with the same pixel bytes but different sizes.
  • Save both images using the vulnerable ms-swift Template._save_pil_image method.
  • Check if the cache paths for both images are identical, indicating a collision.
Mitigation Strategies

Immediate mitigation involves updating the ms-swift framework to a version that includes the fix for this vulnerability. The fix modifies the cache key generation in the Template._save_pil_image function to include image mode, width, and height in the SHA256 hash input, preventing cache key collisions.

If an immediate update is not possible, a temporary workaround could be to patch the Template._save_pil_image method locally by incorporating image metadata (mode, width, height) into the hash calculation before the raw pixel bytes.

  • Apply the patch that includes image mode, width, and height in the cache key hash input.
  • Monitor the ms-swift repository for acceptance of the pull request fixing this issue.
  • Limit local access to systems running vulnerable versions to reduce risk, as the attack requires local access and has high complexity.
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-10801 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10801. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart