PatchSiren cyber security CVE debrief
CVE-2026-10812 zilliztech CVE debrief
A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data[image] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult.
- Vendor
- zilliztech
- Product
- GPTCache
- CVSS
- LOW 1.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of zilliztech GPTCache up to 0.1.44
Technical summary
The vulnerability is caused by the use of a weak hash in the BufferedReader.peek function in gptcache/processor/pre.py. This can be exploited by manipulating the input_data[image] argument.
Defensive priority
Low
Recommended defensive actions
- Update to a version of zilliztech GPTCache that is not vulnerable
- Use a strong hash function in the BufferedReader.peek function
Evidence notes
The vulnerability has been publicly disclosed and a pull request to fix the issue is awaiting acceptance.
Official resources
Publicly disclosed