PatchSiren cyber security CVE debrief
CVE-2026-10800 PaddlePaddle CVE debrief
A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult.
- Vendor
- PaddlePaddle
- Product
- FastDeploy
- CVSS
- LOW 2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of PaddlePaddle FastDeploy up to version 2.4.1 should be aware of this issue and take steps to mitigate it.
Technical summary
The vulnerability is located in the MultimodalHasher component, specifically in the hash_features function of the fastdeploy/multimodal/hasher.py file. This weakness allows for the use of weak hashes, which can be exploited with local access and high complexity.
Defensive priority
Low
Recommended defensive actions
- Apply the patch 374945747652a8d32965591c0c01a00c88b7067f to resolve this issue.
- Review and update PaddlePaddle FastDeploy to a version beyond 2.4.1 if possible.
Evidence notes
The CVE-2026-10800 record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-10800). Additional details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-10800).
Official resources
CVE-2026-10800 was published on 2026-06-04T10:16:38.633Z and modified on 2026-06-04T16:35:27.803Z.