CVE-2026-7845 Overview
CVE-2026-7845 is a weak hash algorithm vulnerability [CWE-327] in chatchat-space Langchain-Chatchat versions up to 0.3.1.3. The flaw resides in the PIL.Image.tobytes function within libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py, part of the Vision Chat Paste Image Handler component. Manipulation of the paste_image.image_data argument triggers use of a weak hash, enabling potential hash collisions on pasted image content. The attacker must reside on the adjacent network, and the attack carries high complexity. The exploit has been published, but the project has not responded to the issue report at the time of disclosure.
Critical Impact
Adjacent-network attackers can engineer hash collisions against image data processed by the Vision Chat Paste Image Handler, undermining integrity assumptions in the dialogue pipeline.
Affected Products
- chatchat-space Langchain-Chatchat up to and including version 0.3.1.3
- Component: Vision Chat Paste Image Handler in libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py
- Function affected: PIL.Image.tobytes invocation path handling paste_image.image_data
Discovery Timeline
- 2026-05-05 - CVE-2026-7845 published to NVD
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-7845
Vulnerability Analysis
The vulnerability stems from reliance on a weak hashing algorithm when processing image bytes returned by PIL.Image.tobytes. The Vision Chat Paste Image Handler uses the resulting digest of paste_image.image_data for identification or deduplication purposes within the dialogue workflow. Because the chosen hash is cryptographically weak, an attacker can craft two distinct image payloads that produce the same digest, breaking integrity guarantees that the application relies on. The attack requires adjacent-network access and high complexity to execute, and exploitability is rated as difficult. The flaw is categorized under [CWE-327] Use of a Broken or Risky Cryptographic Algorithm.
Root Cause
The root cause is the selection of a weak hash function applied to image bytes within the dialogue handler. Hash algorithms such as MD5 or other non-collision-resistant primitives are unsuitable for integrity-sensitive use cases. The handler did not migrate to a collision-resistant primitive such as SHA-256, leaving the deduplication or identifier logic susceptible to collision-based manipulation.
Attack Vector
An attacker positioned on the adjacent network supplies crafted image data through the paste-image flow. Because exploitation requires adjacent access, low privileges, and no user interaction, but with high attack complexity, real-world abuse is constrained. Successful exploitation can cause two different inputs to be treated as equivalent, enabling cache poisoning, identifier confusion, or content substitution depending on downstream use.
No verified proof-of-concept code is reproduced here. Technical details are documented in the GitHub Vulnerability Documentation and tracked under GitHub Issue #5462.
Detection Methods for CVE-2026-7845
Indicators of Compromise
- Multiple distinct image uploads in the dialogue pipeline producing identical hash identifiers within a short time window.
- Anomalous paste-image submissions originating from adjacent network segments not typically associated with end users.
- Log entries from dialogue.py showing repeated processing of paste_image.image_data with mismatched byte length but identical computed digests.
Detection Strategies
- Audit application logs for the Vision Chat Paste Image Handler and flag duplicate hash values across structurally different image payloads.
- Inspect deployed Langchain-Chatchat instances for versions at or below 0.3.1.3 and confirm whether the weak hashing path remains in use.
- Compare digests produced by the application against an out-of-band SHA-256 reference to identify integrity divergences.
Monitoring Recommendations
- Monitor adjacent-network traffic to Langchain-Chatchat web interfaces for unusual paste-image activity volume or timing.
- Track changes to libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py and related modules in deployed environments.
- Alert on repeated dialogue sessions submitting near-duplicate images that yield identical internal identifiers.
How to Mitigate CVE-2026-7845
Immediate Actions Required
- Restrict network access to Langchain-Chatchat instances so that only trusted segments can reach the Vision Chat Paste Image Handler.
- Inventory all deployments of Langchain-Chatchat and identify versions at or below 0.3.1.3.
- Subscribe to the upstream Langchain-Chatchat repository and issue tracker for fix announcements.
Patch Information
No official vendor patch is available at the time of publication. The project was notified through an issue report but had not responded as of the NVD publication on 2026-05-05. Operators should track the VulDB advisory #361124 and the upstream issue for remediation status.
Workarounds
- Replace usage of weak hashing with a collision-resistant algorithm such as SHA-256 in any forked or self-maintained build of dialogue.py.
- Disable or gate the paste-image functionality in the Vision Chat workflow until a vendor fix is published.
- Apply network segmentation and authentication controls so adjacent-network attackers cannot reach the dialogue endpoint directly.
- Validate image inputs by size and content type before they reach the hashing path to reduce the attacker's ability to shape colliding inputs.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
