MEDIUM 4.7

PYSEC-2026-212

상세

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / streamlit

최초 영향 버전: 0 수정 버전: 1.53.1

수정 pip install --upgrade 'streamlit>=1.53.1'

참고

https://github.com/streamlit/streamlit/ [WEB]
https://vuldb.com/cve/CVE-2026-10804 [ADVISORY]
https://vuldb.com/submit/831508 [ADVISORY]
https://vuldb.com/vuln/368253 [ADVISORY]
https://vuldb.com/vuln/368253/cti [REPORT]
https://github.com/streamlit/streamlit/issues/14622 [FIX]
https://github.com/streamlit/streamlit/pull/14635 [FIX]