Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-10801

CVE-2026-10801: ModelScope ms-swift Weak Hash Vulnerability

CVE-2026-10801 is a weak hash vulnerability in ModelScope ms-swift up to version 4.2.0, affecting the PIL Image Cache Key Handler. This post covers the technical details, affected versions, security impact, and mitigation.

Published:

CVE-2026-10801 Overview

CVE-2026-10801 is a weak hash vulnerability in ModelScope ms-swift versions up to 4.2.0. The flaw resides in the Template._save_pil_image function within swift/template/base.py, part of the PIL Image Cache Key Handler component. The implementation relies on a cryptographically weak hash algorithm to generate cache keys, which can produce collisions [CWE-327]. Exploitation requires local access, valid low privileges, and high attack complexity, making practical abuse difficult. The exploit has been publicly disclosed, and the pull request to remediate the issue is pending acceptance.

Critical Impact

Local attackers with low privileges may induce hash collisions in image cache key generation, potentially leading to incorrect cache reuse or limited integrity and availability impact within ms-swift workflows.

Affected Products

  • ModelScope ms-swift versions up to and including 4.2.0
  • swift/template/base.py source file
  • PIL Image Cache Key Handler component (Template._save_pil_image)

Discovery Timeline

  • 2026-06-04 - CVE-2026-10801 published to NVD
  • 2026-06-04 - Last updated in NVD database

Technical Details for CVE-2026-10801

Vulnerability Analysis

The vulnerability exists in the _save_pil_image method of the Template class in swift/template/base.py. This routine generates cache keys for Python Imaging Library (PIL) image objects using a cryptographically weak hashing algorithm. Weak hash functions exhibit a higher probability of collisions, allowing distinct image inputs to map to the same cache key. When training or inference pipelines rely on this cache, a collision can return the wrong cached representation, degrading data integrity or producing inconsistent behavior. The issue is classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm).

Root Cause

The root cause is the selection of a non-collision-resistant hash function for content-addressable caching of PIL images. Cache keying schemes that ingest attacker-controllable or attacker-influenceable image data require collision-resistant primitives such as SHA-256. The use of a weak primitive in Template._save_pil_image violates this requirement.

Attack Vector

The attack vector is local. An adversary must already hold low-privileged access to the host running ms-swift and supply crafted image inputs that hash to the same cache key as a legitimate image. The vulnerability description notes high attack complexity and limited integrity and availability impact, with no confidentiality impact. Refer to the GitHub Issue Report and VulDB Vulnerability Details for additional technical context.

No verified proof-of-concept code is available. The vulnerability mechanism is described in prose because no public exploit code has been verified against this advisory.

Detection Methods for CVE-2026-10801

Indicators of Compromise

  • Unexpected reuse of cached PIL image objects across distinct training or inference inputs in ms-swift pipelines.
  • Anomalous file or memory artifacts produced by Template._save_pil_image where input images differ but cache keys match.
  • Presence of ms-swift installations at versions 4.2.0 or earlier in machine learning hosts.

Detection Strategies

  • Inventory all hosts running ms-swift and verify the installed version against the 4.2.0 ceiling.
  • Audit swift/template/base.py for the unpatched _save_pil_image implementation referenced in GitHub Pull Request #9359.
  • Instrument the cache layer to log hash inputs and outputs, then alert on collisions across distinct image payloads.

Monitoring Recommendations

  • Monitor local user activity on ML training hosts for unexpected file submissions to ms-swift pipelines.
  • Track package manifests in CI/CD and container builds to flag any pinned ms-swift version at or below 4.2.0.
  • Review training job outputs for integrity anomalies that may indicate cache key collisions.

How to Mitigate CVE-2026-10801

Immediate Actions Required

  • Restrict local access to systems running ms-swift to trusted operators only.
  • Identify and isolate workflows that process untrusted image inputs through Template._save_pil_image.
  • Track the status of the upstream fix in GitHub Pull Request #9359 and plan deployment once merged.

Patch Information

At the time of publication, the pull request to fix CVE-2026-10801 awaits acceptance in the upstream ms-swift repository. No vendor-released patched version is listed in the advisory. Operators should monitor the GitHub Issue Report and the VulDB CVE Entry for updates and apply the fix as soon as it is merged and released.

Workarounds

  • Replace the weak hash invocation in _save_pil_image with a collision-resistant algorithm such as SHA-256 in a local fork until an upstream release is available.
  • Disable or bypass the PIL image cache in deployments that process attacker-influenceable image data.
  • Enforce least-privilege controls so that only vetted accounts can submit workloads to ms-swift.
bash
# Configuration example: verify installed ms-swift version and pin to a patched release once available
pip show ms-swift | grep -i version
# After the upstream fix is merged and released, upgrade:
# pip install --upgrade ms-swift

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.