PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10804 Streamlit CVE debrief

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult.

Vendor
Streamlit
Product
Streamlit
CVSS
LOW 1.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-10
Advisory published
2026-06-04
Advisory updated
2026-06-10

Who should care

Users of Streamlit up to version 1.53.0 should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability is caused by the use of a weak hash in the lib/streamlit/runtime/caching/hashing.py file of the Streamlit library. This vulnerability has been assigned a CVSS score of 1.1 and a severity of LOW.

Defensive priority

LOW

Recommended defensive actions

  • Update Streamlit to a version greater than 1.53.0
  • Refer to [ref-5](resourceLinkAnnotations.ref-5) and [ref-6](resourceLinkAnnotations.ref-6) for mitigation and patch information

Evidence notes

The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

Official resources

The vulnerability was disclosed on 2026-06-04T12:16:24.620Z and modified on 2026-06-10T17:47:27.803Z.