CVE-2026-10803: A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflo
lowvulnerability
security
Summary
MLflow versions up to 3.10.0 contain a vulnerability in the dataset digest computation function that uses weak cryptographic hashing (a mathematical function that converts data into a fixed-size code, but this version uses an insecure version). The flaw requires local access to exploit and is difficult to execute, but a working exploit has been published.
Vulnerability Details
CVSS Score
3.6(low)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
local
Attack Complexity
high
Privileges Required
low
User Interaction
none
Patch Available
Yes
Disclosure Date
June 4, 2026
Classification
Attack Type
Other
Attack SophisticationAdvanced
Impact (CIA+S)
integrity
AI Component TargetedTraining Data
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-10803
First tracked: June 5, 2026 at 02:08 AM
Classified by LLM (prompt v3) · confidence: 85%