Description
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Sun, 05 Jul 2026 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance. | |
| Title | exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash | |
| First Time appeared |
Exo-explore
Exo-explore exo |
|
| Weaknesses | CWE-327 CWE-328 |
|
| CPEs | cpe:2.3:a:exo-explore:exo:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Exo-explore
Exo-explore exo |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T10:15:09.187Z
Reserved: 2026-07-04T09:06:11.045Z
Link: CVE-2026-14738
No data.
No data.
No data.
OpenCVE Enrichment
No data.