CVE-2026-10801
Status: Received - Intake
Weak Hash in MS-Swift PIL Image Cache Key Handler

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: VulDB

Description
A security vulnerability has been identified in modelscope ms-swift up to version 4.2.0. It affects the function Template._save_pil_image in the file swift/template/base.py, part of the PIL Image Cache Key Handler component. The flaw results in the use of a weak hash. The attack must be carried out locally and requires a high degree of complexity; exploitation is considered difficult. The exploit has been disclosed publicly and may be used. The pull request that fixes this issue is awaiting acceptance.
Meta Information
Published: 2026-06-04
Last Modified: 2026-06-04
Generated: 2026-06-04
AI Q&A: 2026-06-04
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: modelscope
Product: ms-swift
Version / Range: up to 4.2.0 (inclusive)
CWE Classification
CWE-328: The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function, allowing an adversary to reasonably determine the original input (preimage attack), find another input that produces the same hash (second preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327: The product uses a broken or risky cryptographic algorithm or protocol.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-10801 is a security vulnerability in the modelscope ms-swift framework affecting the function Template._save_pil_image in the PIL Image Cache Key Handler. The vulnerability arises because the cache key for images is generated using only the raw pixel bytes of the image, ignoring important metadata such as image mode, width, and height. This causes different images that share the same pixel data but have different dimensions to produce identical cache keys, leading to cache collisions.

As a result, the system may reuse cached image files incorrectly, causing images with different dimensions to be treated as the same image. This can lead to incorrect image data being used during processing. The vulnerability requires local access and a high degree of complexity to exploit. A fix has been proposed that modifies the hash calculation to include image mode, width, and height along with the pixel bytes to ensure unique cache keys for different images.


How can this vulnerability impact me?

This vulnerability can impact you by causing incorrect image data to be used during multimodal inference or training processes within the ms-swift framework. Specifically, because different images with the same pixel bytes but different dimensions share the same cache key, the system might reuse a cached image incorrectly.

This can lead to inaccurate or corrupted results in applications relying on image data, such as machine learning model training or inference involving images. The impact is limited by the need for local access and the high complexity of the attack, but it may still cause subtle errors or inconsistencies in image processing workflows.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by verifying if the ms-swift installation uses the vulnerable version up to 4.2.0 where the Template._save_pil_image function generates cache keys using only the raw pixel bytes without including image mode, width, and height. A practical detection method is to reproduce the cache key collision by creating two RGB images from the same raw bytes but with different dimensions (e.g., 120x80 and 80x120), saving them using the same cache directory, and checking if they produce the same cache path.

Commands to detect the issue could involve using Python scripts with the PIL library to create such images and observe cache behavior. For example, a script that creates two images with identical pixel data but different dimensions and saves them via the ms-swift Template._save_pil_image function, then checks if the cache paths collide.

  • Use Python with PIL to create two images with the same pixel bytes but different sizes.
  • Save both images using the vulnerable ms-swift Template._save_pil_image method.
  • Check if the cache paths for both images are identical, indicating a collision.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the ms-swift framework to a version that includes the fix for this vulnerability. The fix modifies the cache key generation in the Template._save_pil_image function to include image mode, width, and height in the SHA256 hash input, preventing cache key collisions.

If an immediate update is not possible, a temporary workaround could be to patch the Template._save_pil_image method locally by incorporating image metadata (mode, width, height) into the hash calculation before the raw pixel bytes.

  • Apply the patch that includes image mode, width, and height in the cache key hash input.
  • Monitor the ms-swift repository for acceptance of the pull request fixing this issue.
  • Limit local access to systems running vulnerable versions to reduce risk, as the attack requires local access and has high complexity.
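The following script, added here as an illustration and not taken from the ms-swift project or its fix, shows both the detection check described above (two images with identical pixel bytes but different dimensions produce the same cache key) and the mitigation (binding mode, width and height into the SHA-256 input). To keep it runnable without Pillow, a small RawImage stand-in models only the attributes the key needs; its tobytes() plays the role of PIL's Image.tobytes(). The helper names weak_cache_key, fixed_cache_key and synthetic_rgb, and the header layout used by the fixed key, are assumptions of this example, not code from swift/template/base.py.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class RawImage:
    """Minimal stand-in for a PIL.Image.Image (constructed for this example).

    Only the attributes a cache key needs are modelled: mode, width, height
    and the raw pixel buffer that PIL's Image.tobytes() would return.
    """
    mode: str
    width: int
    height: int
    pixels: bytes

    def tobytes(self) -> bytes:
        return self.pixels


def weak_cache_key(img: RawImage) -> str:
    """Key over the raw pixel bytes only: the flawed scheme the advisory describes.

    Any two images whose buffers are byte-identical get the same key, no matter
    how those bytes are laid out or how many channels they represent.
    """
    return hashlib.sha256(img.tobytes()).hexdigest()


def fixed_cache_key(img: RawImage) -> str:
    """Key that also binds mode, width and height, in the spirit of the proposed fix.

    The metadata is written as a delimited header in front of the pixel bytes so
    that, for example, '12x8' and '1x28' or 'RGB' and 'RGBA' cannot run together
    and collide (header format is an assumption of this example).
    """
    h = hashlib.sha256()
    h.update(f"{img.mode}:{img.width}x{img.height}:".encode("ascii"))
    h.update(img.tobytes())
    return h.hexdigest()


def synthetic_rgb(width: int, height: int) -> RawImage:
    """Construct an RGB image whose pixel buffer depends only on its byte length.

    Two images with the same width*height product therefore get identical bytes,
    which is exactly the situation that triggers the cache collision.
    """
    n = width * height * 3  # 3 bytes per RGB pixel
    pixels = bytes((i * 7 + 13) % 256 for i in range(n))
    return RawImage("RGB", width, height, pixels)


def collides(key_fn, a: RawImage, b: RawImage) -> bool:
    """True when key_fn maps two distinct images to the same cache key."""
    return a != b and key_fn(a) == key_fn(b)


if __name__ == "__main__":
    landscape = synthetic_rgb(120, 80)  # 120x80 RGB
    portrait = synthetic_rgb(80, 120)   # 80x120 RGB, byte-identical buffer
    # Same buffer interpreted as 8-bit grayscale: 360*80 == 120*80*3 bytes
    gray = RawImage("L", 360, 80, landscape.tobytes())

    assert landscape.tobytes() == portrait.tobytes() == gray.tobytes()
    print("weak key, 120x80 vs 80x120 :", collides(weak_cache_key, landscape, portrait))   # True
    print("fixed key, 120x80 vs 80x120:", collides(fixed_cache_key, landscape, portrait))  # False
    print("weak key, RGB vs L         :", collides(weak_cache_key, landscape, gray))       # True
    print("fixed key, RGB vs L        :", collides(fixed_cache_key, landscape, gray))      # False
```

Run against a real installation, the same check would replace synthetic_rgb with Image.frombytes("RGB", (w, h), buf) for the two sizes and compare the paths returned by Template._save_pil_image; a shared path confirms the vulnerable key derivation. The grayscale case shows why the fix includes the mode and not just the dimensions: a 360x80 "L" image and a 120x80 "RGB" image have the same 28800-byte buffer.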

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of the CVE-2026-10801 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

