QwikSec

Security Database

CVE

CWE

Training

CVE-2026-10705

Published: Jun 3, 2026

Modified: Jun 3, 2026

PUBLISHED

CVSS v3.1

3.1

LOW

Description

A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The pull request to fix this issue awaits acceptance.

Vendor	Product	Versions
n/a	dask	affected `3.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

VDB-368018 | dask HLL hyperloglog.py nunique_approx resource consumption

vdb-entry

technical-description

VDB-368018 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

CVE-2026-10705 | CVE Analysis and Report

third-party-advisory

Submit #831411 | dask 2026.3.0 Algorithmic Complexity / Hash Collision / Denial of Service

third-party-advisory

https://github.com/dask/dask/issues/12403

issue-tracking

https://github.com/dask/dask/pull/12401

issue-tracking

patch

https://github.com/dask/dask/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.