PatchSiren cyber security CVE debrief
CVE-2026-10813 LMCache CVE debrief
A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
- Vendor
- LMCache
- Product
- LMCache
- CVSS
- LOW 1.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of LMCache up to version 0.4.6 should be aware of this vulnerability and consider updating to a fixed version once available.
Technical summary
The vulnerability is located in the hex_hash_to_int16 function within the lmcache/integration/vllm/utils.py file of the LMCache component KV Cache Handler. This weakness allows for the use of weak hashes, potentially leading to security issues. The Common Vulnerabilities and Exposures (CVE) score for this issue is 1.1, indicating a low severity.
Defensive priority
Low
Recommended defensive actions
- Consider updating LMCache to a version beyond 0.4.6 once a patch is released.
- Review and apply the pull request at [ref-6] to fix the issue.
- Monitor the official LMCache repository [ref-4] for updates.
Evidence notes
Evidence for this CVE includes references to the LMCache GitHub repository [ref-4], issue tracker [ref-5], and a pull request addressing the issue [ref-6]. Additional information can be found on Vuldb [ref-7].
Official resources
CVE-2026-10813 was published on 2026-06-04T16:16:32.883Z and modified on 2026-06-04T16:32:40.690Z.