CVE-2026-10705
LOWdask HLL hyperloglog.py nunique_approx resource consumption
Title source: cnaDescription
A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The pull request to fix this issue awaits acceptance.
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-368018 | dask HLL hyperloglog.py nunique_approx resource consumption
https://vuldb.com/vuln/368018
Signature, Permissions Required signature
permissions-required
VDB-368018 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/368018/cti
Third Party Advisory third-party-advisory
CVE-2026-10705 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10705
Third Party Advisory third-party-advisory
Submit #831411 | dask 2026.3.0 Algorithmic Complexity / Hash Collision / Denial of Service
https://vuldb.com/submit/831411
Issue Tracking issue-tracking
https://github.com/dask/dask/issues/12403
Patch issue-tracking
patch
https://github.com/dask/dask/pull/12401
Product product
https://github.com/dask/dask/
Scores
CVSS v3
3.1
EPSS
0.0029
EPSS Percentile
20.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
CWE-404
Status
published
Products (1)
None/dask
3.0
Published
Jun 03, 2026
Tracked Since
Jun 03, 2026