AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-10804: A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/r

lowvulnerability

security

Source: NVD/CVE DatabaseJune 4, 2026CVE-2026-10804

Summary

Streamlit versions up to 1.53.0 contain a vulnerability in the hashing function (a process that converts data into a fixed-size code for security purposes) within its caching system that uses weak cryptographic methods. The vulnerability is difficult to exploit as it requires local access (being on the same computer) and high technical complexity, though it has been disclosed publicly.

Vulnerability Details

CVSS Score

3.6(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

local

Attack Complexity

high

Privileges Required

low

User Interaction

none

Disclosure Date

June 4, 2026

Classification

Attack SophisticationAdvanced

Impact (CIA+S)

integrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-327 CWE-328

CAPEC (Attack Pattern)

CAPEC-20

Affected Vendors

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-10804

First tracked: June 5, 2026 at 02:08 AM

Classified by LLM (prompt v3) · confidence: 75%