Weak Hash Vulnerability in Exo's Vision Feature Cache Component
CVE-2026-14738
Key Information:
- Vendor
Exo-explore
- Status
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14738?
A security flaw has been identified in Exo's Vision Feature Cache component, specifically within the _image_cache_key function located in the vision.py file of the Exo Explore up to version 1.0.71. This vulnerability arises from the use of a weak hashing mechanism, rendering it susceptible to exploitation. Attackers may execute remote attacks, though the complexity of exploiting this vulnerability is considered high. An exploit has been publicly released, highlighting the urgency for patching. A pull request addressing this flaw is pending acceptance.
Affected Version(s)
exo 1.0.0
exo 1.0.1
exo 1.0.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
