PaddlePaddle FastDeploy MultimodalHasher hasher.py hash_features weak hash
CVE-2026-10800

2LOW

Key Information:

Vendor

Paddlepaddle

Status
Fastdeploy
Vendor
CVE Published:
4 June 2026

What is CVE-2026-10800?

A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue.

Affected Version(s)

FastDeploy 2.4.0

FastDeploy 2.4.1

References

https://vuldb.com/vuln/368249
vdb-entrytechnical-description
https://vuldb.com/vuln/368249/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10800
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem0 (VulDB User)
.