CVE-2026-10705
3.1 LOWA flaw has been found in dask up to 3.0
Published: 2026-06-03 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 3.1 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-400, CWE-404
Description
A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10705
- [Other]https://github.com/dask/dask/
- [Other]https://github.com/dask/dask/issues/12403
- [Other]https://github.com/dask/dask/pull/12401
- [Other]https://vuldb.com/cve/CVE-2026-10705
- [Other]https://vuldb.com/submit/831411
- [Other]https://vuldb.com/vuln/368018
- [Other]https://vuldb.com/vuln/368018/cti
Related CVEs
Same CWE
- CVE-2026-47734 — Dulwich is a pure-Python implementation of the Git file formats and protocols (5.7 MEDIUM)
- CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
- CVE-2026-46689 — Kanidm is an identity management platform
- CVE-2026-46679 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)
- CVE-2026-46522 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)