modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash
CVE-2026-10801

2LOW

Key Information:

Vendor: Modelscope
Status: Ms-swift
Vendor: CVE Published:; 4 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-10801?

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

Affected Version(s)

ms-swift 4.0

ms-swift 4.1

ms-swift 4.2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-10801 - Proof of Concept

References

https://vuldb.com/vuln/368250

vdb-entrytechnical-description

https://vuldb.com/vuln/368250/cti

signaturepermissions-required

https://vuldb.com/cve/CVE-2026-10801

third-party-advisory

CVSS V4

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 4, 2026
👾
Exploit known to exist
Jun 4, 2026
Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Jun 4, 2026

Credit

Dem0 (VulDB User)

VulDB CNA Team

CVE-2026-10801 Data

JSON

Modelscope

Badges

What is CVE-2026-10801?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit