Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for GPTCache by zilliztech
CVE-2026-10812 (GCVE-0-2026-10812)
Vulnerability from nvd – Published: 2026-06-04 14:15 – Updated: 2026-06-04 15:06
VLAI
Title
zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash
Summary
A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368260 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368260/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10812 | third-party-advisory |
| https://vuldb.com/submit/831636 | third-party-advisory |
| https://github.com/zilliztech/GPTCache/issues/684 | exploitissue-tracking |
| https://github.com/zilliztech/GPTCache/pull/678 | issue-trackingpatch |
| https://github.com/zilliztech/GPTCache/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zilliztech | GPTCache |
Affected:
0.1.0
Affected: 0.1.1 Affected: 0.1.2 Affected: 0.1.3 Affected: 0.1.4 Affected: 0.1.5 Affected: 0.1.6 Affected: 0.1.7 Affected: 0.1.8 Affected: 0.1.9 Affected: 0.1.10 Affected: 0.1.11 Affected: 0.1.12 Affected: 0.1.13 Affected: 0.1.14 Affected: 0.1.15 Affected: 0.1.16 Affected: 0.1.17 Affected: 0.1.18 Affected: 0.1.19 Affected: 0.1.20 Affected: 0.1.21 Affected: 0.1.22 Affected: 0.1.23 Affected: 0.1.24 Affected: 0.1.25 Affected: 0.1.26 Affected: 0.1.27 Affected: 0.1.28 Affected: 0.1.29 Affected: 0.1.30 Affected: 0.1.31 Affected: 0.1.32 Affected: 0.1.33 Affected: 0.1.34 Affected: 0.1.35 Affected: 0.1.36 Affected: 0.1.37 Affected: 0.1.38 Affected: 0.1.39 Affected: 0.1.40 Affected: 0.1.41 Affected: 0.1.42 Affected: 0.1.43 Affected: 0.1.44 cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T15:05:12.549426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:06:07.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:*"
],
"modules": [
"Cache Key Handler"
],
"product": "GPTCache",
"vendor": "zilliztech",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
},
{
"status": "affected",
"version": "0.1.4"
},
{
"status": "affected",
"version": "0.1.5"
},
{
"status": "affected",
"version": "0.1.6"
},
{
"status": "affected",
"version": "0.1.7"
},
{
"status": "affected",
"version": "0.1.8"
},
{
"status": "affected",
"version": "0.1.9"
},
{
"status": "affected",
"version": "0.1.10"
},
{
"status": "affected",
"version": "0.1.11"
},
{
"status": "affected",
"version": "0.1.12"
},
{
"status": "affected",
"version": "0.1.13"
},
{
"status": "affected",
"version": "0.1.14"
},
{
"status": "affected",
"version": "0.1.15"
},
{
"status": "affected",
"version": "0.1.16"
},
{
"status": "affected",
"version": "0.1.17"
},
{
"status": "affected",
"version": "0.1.18"
},
{
"status": "affected",
"version": "0.1.19"
},
{
"status": "affected",
"version": "0.1.20"
},
{
"status": "affected",
"version": "0.1.21"
},
{
"status": "affected",
"version": "0.1.22"
},
{
"status": "affected",
"version": "0.1.23"
},
{
"status": "affected",
"version": "0.1.24"
},
{
"status": "affected",
"version": "0.1.25"
},
{
"status": "affected",
"version": "0.1.26"
},
{
"status": "affected",
"version": "0.1.27"
},
{
"status": "affected",
"version": "0.1.28"
},
{
"status": "affected",
"version": "0.1.29"
},
{
"status": "affected",
"version": "0.1.30"
},
{
"status": "affected",
"version": "0.1.31"
},
{
"status": "affected",
"version": "0.1.32"
},
{
"status": "affected",
"version": "0.1.33"
},
{
"status": "affected",
"version": "0.1.34"
},
{
"status": "affected",
"version": "0.1.35"
},
{
"status": "affected",
"version": "0.1.36"
},
{
"status": "affected",
"version": "0.1.37"
},
{
"status": "affected",
"version": "0.1.38"
},
{
"status": "affected",
"version": "0.1.39"
},
{
"status": "affected",
"version": "0.1.40"
},
{
"status": "affected",
"version": "0.1.41"
},
{
"status": "affected",
"version": "0.1.42"
},
{
"status": "affected",
"version": "0.1.43"
},
{
"status": "affected",
"version": "0.1.44"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data[\"image\"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:15:11.204Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368260 | zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368260"
},
{
"name": "VDB-368260 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368260/cti"
},
{
"name": "CVE-2026-10812 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10812"
},
{
"name": "Submit #831636 | zilliztech GPTCache 0.1.44 Cache poisoning / improper cache key generation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831636"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/zilliztech/GPTCache/issues/684"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/zilliztech/GPTCache/pull/678"
},
{
"tags": [
"product"
],
"url": "https://github.com/zilliztech/GPTCache/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:28:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10812",
"datePublished": "2026-06-04T14:15:11.204Z",
"dateReserved": "2026-06-04T05:22:50.962Z",
"dateUpdated": "2026-06-04T15:06:07.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10812 (GCVE-0-2026-10812)
Vulnerability from cvelistv5 – Published: 2026-06-04 14:15 – Updated: 2026-06-04 15:06
VLAI
Title
zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash
Summary
A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368260 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368260/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10812 | third-party-advisory |
| https://vuldb.com/submit/831636 | third-party-advisory |
| https://github.com/zilliztech/GPTCache/issues/684 | exploitissue-tracking |
| https://github.com/zilliztech/GPTCache/pull/678 | issue-trackingpatch |
| https://github.com/zilliztech/GPTCache/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zilliztech | GPTCache |
Affected:
0.1.0
Affected: 0.1.1 Affected: 0.1.2 Affected: 0.1.3 Affected: 0.1.4 Affected: 0.1.5 Affected: 0.1.6 Affected: 0.1.7 Affected: 0.1.8 Affected: 0.1.9 Affected: 0.1.10 Affected: 0.1.11 Affected: 0.1.12 Affected: 0.1.13 Affected: 0.1.14 Affected: 0.1.15 Affected: 0.1.16 Affected: 0.1.17 Affected: 0.1.18 Affected: 0.1.19 Affected: 0.1.20 Affected: 0.1.21 Affected: 0.1.22 Affected: 0.1.23 Affected: 0.1.24 Affected: 0.1.25 Affected: 0.1.26 Affected: 0.1.27 Affected: 0.1.28 Affected: 0.1.29 Affected: 0.1.30 Affected: 0.1.31 Affected: 0.1.32 Affected: 0.1.33 Affected: 0.1.34 Affected: 0.1.35 Affected: 0.1.36 Affected: 0.1.37 Affected: 0.1.38 Affected: 0.1.39 Affected: 0.1.40 Affected: 0.1.41 Affected: 0.1.42 Affected: 0.1.43 Affected: 0.1.44 cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T15:05:12.549426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:06:07.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:zilliztech:gptcache:*:*:*:*:*:*:*:*"
],
"modules": [
"Cache Key Handler"
],
"product": "GPTCache",
"vendor": "zilliztech",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
},
{
"status": "affected",
"version": "0.1.4"
},
{
"status": "affected",
"version": "0.1.5"
},
{
"status": "affected",
"version": "0.1.6"
},
{
"status": "affected",
"version": "0.1.7"
},
{
"status": "affected",
"version": "0.1.8"
},
{
"status": "affected",
"version": "0.1.9"
},
{
"status": "affected",
"version": "0.1.10"
},
{
"status": "affected",
"version": "0.1.11"
},
{
"status": "affected",
"version": "0.1.12"
},
{
"status": "affected",
"version": "0.1.13"
},
{
"status": "affected",
"version": "0.1.14"
},
{
"status": "affected",
"version": "0.1.15"
},
{
"status": "affected",
"version": "0.1.16"
},
{
"status": "affected",
"version": "0.1.17"
},
{
"status": "affected",
"version": "0.1.18"
},
{
"status": "affected",
"version": "0.1.19"
},
{
"status": "affected",
"version": "0.1.20"
},
{
"status": "affected",
"version": "0.1.21"
},
{
"status": "affected",
"version": "0.1.22"
},
{
"status": "affected",
"version": "0.1.23"
},
{
"status": "affected",
"version": "0.1.24"
},
{
"status": "affected",
"version": "0.1.25"
},
{
"status": "affected",
"version": "0.1.26"
},
{
"status": "affected",
"version": "0.1.27"
},
{
"status": "affected",
"version": "0.1.28"
},
{
"status": "affected",
"version": "0.1.29"
},
{
"status": "affected",
"version": "0.1.30"
},
{
"status": "affected",
"version": "0.1.31"
},
{
"status": "affected",
"version": "0.1.32"
},
{
"status": "affected",
"version": "0.1.33"
},
{
"status": "affected",
"version": "0.1.34"
},
{
"status": "affected",
"version": "0.1.35"
},
{
"status": "affected",
"version": "0.1.36"
},
{
"status": "affected",
"version": "0.1.37"
},
{
"status": "affected",
"version": "0.1.38"
},
{
"status": "affected",
"version": "0.1.39"
},
{
"status": "affected",
"version": "0.1.40"
},
{
"status": "affected",
"version": "0.1.41"
},
{
"status": "affected",
"version": "0.1.42"
},
{
"status": "affected",
"version": "0.1.43"
},
{
"status": "affected",
"version": "0.1.44"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data[\"image\"] results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:15:11.204Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368260 | zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368260"
},
{
"name": "VDB-368260 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368260/cti"
},
{
"name": "CVE-2026-10812 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10812"
},
{
"name": "Submit #831636 | zilliztech GPTCache 0.1.44 Cache poisoning / improper cache key generation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831636"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/zilliztech/GPTCache/issues/684"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/zilliztech/GPTCache/pull/678"
},
{
"tags": [
"product"
],
"url": "https://github.com/zilliztech/GPTCache/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:28:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10812",
"datePublished": "2026-06-04T14:15:11.204Z",
"dateReserved": "2026-06-04T05:22:50.962Z",
"dateUpdated": "2026-06-04T15:06:07.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}