CVE-2026-10705
LOW
2,3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW
3,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
LOW
2,1
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: single
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The pull request to fix this issue awaits acceptance.
400
Uncontrolled Resource Consumption
DraftCommon Consequences
Security Scopes Affected:
Availability
Access Control
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Bypass Protection Mechanism
Other
Applicable Platforms
Technologies:
Not Technology-Specific, AI/ML
404
Improper Resource Shutdown or Release
DraftCommon Consequences
Security Scopes Affected:
Availability
Other
Confidentiality
Potential Impacts:
Dos: Resource Consumption (Other)
Varies By Context
Read Application Data
Applicable Platforms
All platforms may be affected
https://github.com/dask/dask/
https://github.com/dask/dask/issues/12403
https://github.com/dask/dask/pull/12401
https://vuldb.com/cve/CVE-2026-10705
https://vuldb.com/submit/831411
https://vuldb.com/vuln/368018
https://vuldb.com/vuln/368018/cti