{"data":{"id":"21622554-53db-4e4e-8b1c-f1f635d69608","title":"CVE-2026-10803: A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflo","summary":"MLflow versions up to 3.10.0 contain a vulnerability in the dataset digest computation function that uses weak cryptographic hashing (a mathematical function that converts data into a fixed-size code, but this version uses an insecure version). The flaw requires local access to exploit and is difficult to execute, but a working exploit has been published.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10803","publishedAt":"2026-06-04T12:16:24.440Z","cveId":"CVE-2026-10803","cweIds":["CWE-327","CWE-328"],"cvssScore":"3.6","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","attackVector":"local","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-04T12:16:24.440Z","capecIds":["CAPEC-20"],"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}