2484755 – (CVE-2026-10803) CVE-2026-10803 mlflow: MLflow: Use of weak hash in Dataset Digest Computation

Bug 2484755 (CVE-2026-10803) - CVE-2026-10803 mlflow: MLflow: Use of weak hash in Dataset Digest Computation

Summary: CVE-2026-10803 mlflow: MLflow: Use of weak hash in Dataset Digest Computation

Keywords:
Status:	NEW
Alias:	CVE-2026-10803
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-04 13:01 UTC by OSIDB Bzimport
Modified:	2026-06-08 04:19 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-04 13:01:19 UTC

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

Note You need to log in before you can comment on or make changes to this bug.