CVE•Published 2026-06-04•Modified 2026-06-04•0 articles on news•5 live references•NVD data

CVE-2026-10800

Vulnerability data via NVD (ingested)

CVSS v3.1

3.6

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS percentile

—

Weaknesses (CWE)

CWE-327Use of a Broken or Risky Cryptographic Algorithm CWE-328Use of Weak Hash

Description

A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue.

Timeline

Published 2026-06-04

Modified 2026-06-04

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-10800

Hosts Shodan has explicitly fingerprinted as vulnerable.

More intel sources (5)

Shodan report

vuln:CVE-2026-10800

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-10800

Censys host search filtered to this CVE id.

grep.app

CVE-2026-10800