{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10804", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-06-04T05:09:57.527Z", "datePublished": "2026-06-04T12:00:14.916Z", "dateUpdated": "2026-06-04T14:23:02.735Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-04T12:00:14.916Z"}, "title": "Streamlit Palette hashing.py weak hash", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-328", "lang": "en", "description": "Use of Weak Hash"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-327", "lang": "en", "description": "Risky Cryptographic Algorithm"}]}], "affected": [{"vendor": "n/a", "product": "Streamlit", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "1.2", "status": "affected"}, {"version": "1.3", "status": "affected"}, {"version": "1.4", "status": "affected"}, {"version": "1.5", "status": "affected"}, {"version": "1.6", "status": "affected"}, {"version": "1.7", "status": "affected"}, {"version": "1.8", "status": "affected"}, {"version": "1.9", "status": "affected"}, {"version": "1.10", "status": "affected"}, {"version": "1.11", "status": "affected"}, {"version": "1.12", "status": "affected"}, {"version": "1.13", "status": "affected"}, {"version": "1.14", "status": "affected"}, {"version": "1.15", "status": "affected"}, {"version": "1.16", "status": "affected"}, {"version": "1.17", "status": "affected"}, {"version": "1.18", "status": "affected"}, {"version": "1.19", "status": "affected"}, {"version": "1.20", "status": "affected"}, {"version": "1.21", "status": "affected"}, {"version": "1.22", "status": "affected"}, {"version": "1.23", "status": "affected"}, {"version": "1.24", "status": "affected"}, {"version": "1.25", "status": "affected"}, {"version": "1.26", "status": "affected"}, {"version": "1.27", "status": "affected"}, {"version": "1.28", "status": "affected"}, {"version": "1.29", "status": "affected"}, {"version": "1.30", "status": "affected"}, {"version": "1.31", "status": "affected"}, {"version": "1.32", "status": "affected"}, {"version": "1.33", "status": "affected"}, {"version": "1.34", "status": "affected"}, {"version": "1.35", "status": "affected"}, {"version": "1.36", "status": "affected"}, {"version": "1.37", "status": "affected"}, {"version": "1.38", "status": "affected"}, {"version": "1.39", "status": "affected"}, {"version": "1.40", "status": "affected"}, {"version": "1.41", "status": "affected"}, {"version": "1.42", "status": "affected"}, {"version": "1.43", "status": "affected"}, {"version": "1.44", "status": "affected"}, {"version": "1.45", "status": "affected"}, {"version": "1.46", "status": "affected"}, {"version": "1.47", "status": "affected"}, {"version": "1.48", "status": "affected"}, {"version": "1.49", "status": "affected"}, {"version": "1.50", "status": "affected"}, {"version": "1.51", "status": "affected"}, {"version": "1.52", "status": "affected"}, {"version": "1.53.0", "status": "affected"}], "cpes": ["cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:*"], "modules": ["Palette Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.6, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.4, "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2026-06-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-06-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-06-04T07:15:01.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Dem0 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/368253", "name": "VDB-368253 | Streamlit Palette hashing.py weak hash", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/368253/cti", "name": "VDB-368253 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10804", "name": "CVE-2026-10804 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/831508", "name": "Submit #831508 | streamlit 1.53.0 hash collision", "tags": ["third-party-advisory"]}, {"url": "https://github.com/streamlit/streamlit/issues/14622", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/streamlit/streamlit/pull/14635", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/streamlit/streamlit/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-04T14:22:17.927620Z", "id": "CVE-2026-10804", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-04T14:23:02.735Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10804", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-04T14:22:17.927620Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-04T14:22:57.796Z"}}], "cna": {"title": "Streamlit Palette hashing.py weak hash", "credits": [{"lang": "en", "type": "reporter", "value": "Dem0 (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.4, "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Palette Handler"], "product": "Streamlit", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "1.2"}, {"status": "affected", "version": "1.3"}, {"status": "affected", "version": "1.4"}, {"status": "affected", "version": "1.5"}, {"status": "affected", "version": "1.6"}, {"status": "affected", "version": "1.7"}, {"status": "affected", "version": "1.8"}, {"status": "affected", "version": "1.9"}, {"status": "affected", "version": "1.10"}, {"status": "affected", "version": "1.11"}, {"status": "affected", "version": "1.12"}, {"status": "affected", "version": "1.13"}, {"status": "affected", "version": "1.14"}, {"status": "affected", "version": "1.15"}, {"status": "affected", "version": "1.16"}, {"status": "affected", "version": "1.17"}, {"status": "affected", "version": "1.18"}, {"status": "affected", "version": "1.19"}, {"status": "affected", "version": "1.20"}, {"status": "affected", "version": "1.21"}, {"status": "affected", "version": "1.22"}, {"status": "affected", "version": "1.23"}, {"status": "affected", "version": "1.24"}, {"status": "affected", "version": "1.25"}, {"status": "affected", "version": "1.26"}, {"status": "affected", "version": "1.27"}, {"status": "affected", "version": "1.28"}, {"status": "affected", "version": "1.29"}, {"status": "affected", "version": "1.30"}, {"status": "affected", "version": "1.31"}, {"status": "affected", "version": "1.32"}, {"status": "affected", "version": "1.33"}, {"status": "affected", "version": "1.34"}, {"status": "affected", "version": "1.35"}, {"status": "affected", "version": "1.36"}, {"status": "affected", "version": "1.37"}, {"status": "affected", "version": "1.38"}, {"status": "affected", "version": "1.39"}, {"status": "affected", "version": "1.40"}, {"status": "affected", "version": "1.41"}, {"status": "affected", "version": "1.42"}, {"status": "affected", "version": "1.43"}, {"status": "affected", "version": "1.44"}, {"status": "affected", "version": "1.45"}, {"status": "affected", "version": "1.46"}, {"status": "affected", "version": "1.47"}, {"status": "affected", "version": "1.48"}, {"status": "affected", "version": "1.49"}, {"status": "affected", "version": "1.50"}, {"status": "affected", "version": "1.51"}, {"status": "affected", "version": "1.52"}, {"status": "affected", "version": "1.53.0"}]}], "timeline": [{"lang": "en", "time": "2026-06-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-06-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-06-04T07:15:01.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/368253", "name": "VDB-368253 | Streamlit Palette hashing.py weak hash", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/368253/cti", "name": "VDB-368253 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10804", "name": "CVE-2026-10804 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/831508", "name": "Submit #831508 | streamlit 1.53.0 hash collision", "tags": ["third-party-advisory"]}, {"url": "https://github.com/streamlit/streamlit/issues/14622", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/streamlit/streamlit/pull/14635", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/streamlit/streamlit/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-328", "description": "Use of Weak Hash"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-04T12:00:14.916Z"}}}, "cveMetadata": {"cveId": "CVE-2026-10804", "state": "PUBLISHED", "dateUpdated": "2026-06-04T14:23:02.735Z", "dateReserved": "2026-06-04T05:09:57.527Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-04T12:00:14.916Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:*:*:*", "matchCriteriaId": "6345EBCC-07CA-4C5A-9A2A-EE663D607D2A", "versionEndIncluding": "1.53.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance."}], "id": "CVE-2026-10804", "lastModified": "2026-06-10T17:47:27.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-06-04T12:16:24.620", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/streamlit/streamlit/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Mitigation", "Patch"], "url": "https://github.com/streamlit/streamlit/issues/14622"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/streamlit/streamlit/pull/14635"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/cve/CVE-2026-10804"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/831508"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/368253"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/368253/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}, {"lang": "en", "value": "CWE-328"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "streamlit: Streamlit: Weak hash usage leading to low integrity and availability impact", "id": "2484754", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484754"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-328", "details": ["A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.", "A flaw was found in Streamlit, within its Palette Handler component. This vulnerability stems from the use of a weak hashing algorithm. A local attacker could exploit this flaw, though it requires a high level of technical complexity. Successful exploitation may lead to a low impact on the integrity and availability of the affected system."], "mitigation": {"lang": "en:us", "value": "If your application uses @st.cache_data or @st.cache_resource with large datasets from untrusted sources, validate the data before it reaches the caching layer. For DataFrames exceeding the 50,000-row sampling threshold, comparing a hash of the full dataset against the cached version before returning results can catch collisions that the built-in sampler misses. Reducing the cache TTL also limits the window during which a poisoned entry would be served to other users."}, "name": "CVE-2026-10804", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-gaudi-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/disk-image-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-trustyai-nemo-guardrails-server-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-06-04T12:00:14Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-10804\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-10804\nhttps://github.com/streamlit/streamlit/\nhttps://github.com/streamlit/streamlit/issues/14622\nhttps://github.com/streamlit/streamlit/pull/14635\nhttps://vuldb.com/cve/CVE-2026-10804\nhttps://vuldb.com/submit/831508\nhttps://vuldb.com/vuln/368253\nhttps://vuldb.com/vuln/368253/cti"], "statement": "Red Hat rates this vulnerability as Low impact with a CVSS score of 3.6, lower than NIST's 4.7. Red Hat products that ship Streamlit are limited to RHEL AI bootc containers and RHOAI's NeMo Guardrails server, where the caching functions are used for internal model serving rather than processing user-uploaded datasets, making the attack scenario unlikely.\nRed Hat scores integrity as Low rather than High because the hash collision requires preserving values at sampled positions, which constrains what the attacker can change. The attacker controls the non-sampled rows but cannot freely modify all cached data. Availability is Low because poisoned cache entries cause incorrect results for the cache lifetime without affecting the application itself.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.21"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.23"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.24"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.25"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.26"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.27"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.28"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.29"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.30"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.31"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.32"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.33"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.34"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.35"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.36"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.37"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.38"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.39"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.40"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.41"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.42"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.43"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.44"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.45"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.46"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.47"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.48"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.49"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.50"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.51"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.52"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.53.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Streamlit", "source": "cna", "vendor": "n/a"}, "product": "streamlit", "vendor": "streamlit"}], "created": "2026-06-04T14:00:15.353986+00:00", "updated": "2026-06-04T16:00:15.787621+00:00", "vendors": ["streamlit", "streamlit$PRODUCT$streamlit"]}