U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2026-14738

Change History

New CVE Received from VulDB 7/05/2026 7:16:27 AM

Action Type Old Value New Value
Added Description

                  
                
              
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
Added CVSS V4.0

                  
                
              
AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added CVSS V3.1

                  
                
              
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Added CVSS V2

                  
                
              
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Added CWE

                  
                
              
CWE-327
Added CWE

                  
                
              
CWE-328
Added Reference

                  
                
              
https://github.com/exo-explore/exo/
Added Reference

                  
                
              
https://github.com/exo-explore/exo/issues/2151
Added Reference

                  
                
              
https://github.com/exo-explore/exo/pull/2152
Added Reference

                  
                
              
https://vuldb.com/cve/CVE-2026-14738
Added Reference

                  
                
              
https://vuldb.com/submit/848737
Added Reference

                  
                
              
https://vuldb.com/vuln/376321
Added Reference

                  
                
              
https://vuldb.com/vuln/376321/cti
Added Affected

                  
                
              
[{"vendor":"exo-explore","product":"exo","cpes":["cpe:2.3:a:exo-explore:exo:*:*:*:*:*:*:*:*"],"modules":["Vision Feature Cache"],"versions":[{"version":"1.0.0","status":"affected"},{"version":"1.0.1","status":"affected"},{"version":"1.0.2","status":"affected"},{"version":"1.0.3","status":"affected"},{"version":"1.0.4","status":"affected"},{"version":"1.0.5","status":"affected"},{"version":"1.0.6","status":"affected"},{"version":"1.0.7","status":"affected"},{"version":"1.0.8","status":"affected"},{"version":"1.0.9","status":"affected"},{"version":"1.0.10","status":"affected"},{"version":"1.0.11","status":"affected"},{"version":"1.0.12","status":"affected"},{"version":"1.0.13","status":"affected"},{"version":"1.0.14","status":"affected"},{"version":"1.0.15","status":"affected"},{"version":"1.0.16","status":"affected"},{"version":"1.0.17","status":"affected"},{"version":"1.0.18","status":"affected"},{"version":"1.0.19","status":"affected"},{"version":"1.0.20","status":"affected"},{"version":"1.0.21","status":"affected"},{"version":"1.0.22","status":"affected"},{"version":"1.0.23","status":"affected"},{"version":"1.0.24","status":"affected"},{"version":"1.0.25","status":"affected"},{"version":"1.0.26","status":"affected"},{"version":"1.0.27","status":"affected"},{"version":"1.0.28","status":"affected"},{"version":"1.0.29","status":"affected"},{"version":"1.0.30","status":"affected"},{"version":"1.0.31","status":"affected"},{"version":"1.0.32","status":"affected"},{"version":"1.0.33","status":"affected"},{"version":"1.0.34","status":"affected"},{"version":"1.0.35","status":"affected"},{"version":"1.0.36","status":"affected"},{"version":"1.0.37","status":"affected"},{"version":"1.0.38","status":"affected"},{"version":"1.0.39","status":"affected"},{"version":"1.0.40","status":"affected"},{"version":"1.0.41","status":"affected"},{"version":"1.0.42","status":"affected"},{"version":"1.0.43","status":"affected"},{"version":"1.0.44","status":"affected"},{"version":"1.0.45","status":"affected"},{"version":"1.0.46","status":"affected"},{"version":"1.0.47","status":"affected"},{"version":"1.0.48","status":"affected"},{"version":"1.0.49","status":"affected"},{"version":"1.0.50","status":"affected"},{"version":"1.0.51","status":"affected"},{"version":"1.0.52","status":"affected"},{"version":"1.0.53","status":"affected"},{"version":"1.0.54","status":"affected"},{"version":"1.0.55","status":"affected"},{"version":"1.0.56","status":"affected"},{"version":"1.0.57","status":"affected"},{"version":"1.0.58","status":"affected"},{"version":"1.0.59","status":"affected"},{"version":"1.0.60","status":"affected"},{"version":"1.0.61","status":"affected"},{"version":"1.0.62","status":"affected"},{"version":"1.0.63","status":"affected"},{"version":"1.0.64","status":"affected"},{"version":"1.0.65","status":"affected"},{"version":"1.0.66","status":"affected"},{"version":"1.0.67","status":"affected"},{"version":"1.0.68","status":"affected"},{"version":"1.0.69","status":"affected"},{"version":"1.0.70","status":"affected"},{"version":"1.0.71","status":"affected"}]}]