CVE-2026-14738 PUBLISHED

exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash

Assigner: VulDB
Reserved: 04.07.2026 Published: 05.07.2026 Updated: 05.07.2026

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.3

Product Status

Vendor exo-explore
Product exo
Versions
  • Version 1.0.0 is affected
  • Version 1.0.1 is affected
  • Version 1.0.2 is affected
  • Version 1.0.3 is affected
  • Version 1.0.4 is affected
  • Version 1.0.5 is affected
  • Version 1.0.6 is affected
  • Version 1.0.7 is affected
  • Version 1.0.8 is affected
  • Version 1.0.9 is affected
  • Version 1.0.10 is affected
  • Version 1.0.11 is affected
  • Version 1.0.12 is affected
  • Version 1.0.13 is affected
  • Version 1.0.14 is affected
  • Version 1.0.15 is affected
  • Version 1.0.16 is affected
  • Version 1.0.17 is affected
  • Version 1.0.18 is affected
  • Version 1.0.19 is affected
  • Version 1.0.20 is affected
  • Version 1.0.21 is affected
  • Version 1.0.22 is affected
  • Version 1.0.23 is affected
  • Version 1.0.24 is affected
  • Version 1.0.25 is affected
  • Version 1.0.26 is affected
  • Version 1.0.27 is affected
  • Version 1.0.28 is affected
  • Version 1.0.29 is affected
  • Version 1.0.30 is affected
  • Version 1.0.31 is affected
  • Version 1.0.32 is affected
  • Version 1.0.33 is affected
  • Version 1.0.34 is affected
  • Version 1.0.35 is affected
  • Version 1.0.36 is affected
  • Version 1.0.37 is affected
  • Version 1.0.38 is affected
  • Version 1.0.39 is affected
  • Version 1.0.40 is affected
  • Version 1.0.41 is affected
  • Version 1.0.42 is affected
  • Version 1.0.43 is affected
  • Version 1.0.44 is affected
  • Version 1.0.45 is affected
  • Version 1.0.46 is affected
  • Version 1.0.47 is affected
  • Version 1.0.48 is affected
  • Version 1.0.49 is affected
  • Version 1.0.50 is affected
  • Version 1.0.51 is affected
  • Version 1.0.52 is affected
  • Version 1.0.53 is affected
  • Version 1.0.54 is affected
  • Version 1.0.55 is affected
  • Version 1.0.56 is affected
  • Version 1.0.57 is affected
  • Version 1.0.58 is affected
  • Version 1.0.59 is affected
  • Version 1.0.60 is affected
  • Version 1.0.61 is affected
  • Version 1.0.62 is affected
  • Version 1.0.63 is affected
  • Version 1.0.64 is affected
  • Version 1.0.65 is affected
  • Version 1.0.66 is affected
  • Version 1.0.67 is affected
  • Version 1.0.68 is affected
  • Version 1.0.69 is affected
  • Version 1.0.70 is affected
  • Version 1.0.71 is affected

Credits

  • Dem0 (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Use of Weak Hash CWE
  • Risky Cryptographic Algorithm CWE