CVE-2026-10804

CVE Database · CVE-2026-10804

CVE-2026-10804

· LOWAnalyzed

CVSS v3.1

3.6

CVSS v4.0

1.1

EPSS

0.08%

Published

Jun 4, 2026

Modified

Jun 10, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Weaknesses (CWE)

CWE-327CWE-328

Affected Products (1)

snowflake · streamlitvulnerable

References (7)

https://github.com/streamlit/streamlit/

Product

https://github.com/streamlit/streamlit/issues/14622

Issue TrackingMitigationPatch

https://github.com/streamlit/streamlit/pull/14635