CVE-2026-7845 | chatchat-space Langchain-Chatchat up to 0.3.1.3 Vision Chat Paste Image dialogue.py PIL.Image.tobytes paste_image.image_data weak hash (Issue 5462)

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. It has been rated as problematic. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste_image.image_data causes use of weak hash.

This vulnerability appears as CVE-2026-7845. The attacker needs to be present on the local network. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7845 | chatchat-space Langchain-Chatchat up to 0.3.1.3 Vision Chat Paste Image dialogue.py PIL.Image.tobytes paste_image.image_data weak hash (Issue 5462)

Post correlati

CVE-2023-6607 | Tongda OA 2017 up to 11.10 delete.php TERM_ID_STR sql injection

CVE-2026-7178 | ChatGPTNextWeb NextChat up to 2.16.1 Artifacts Endpoint route.ts storeUrl ID server-side request forgery (Issue 6741)

CVE-2024-38079 | Microsoft Windows up to Server 2022 23H2 Graphics heap-based overflow

CVE-2025-9332 | Interactive Human Anatomy with Clickable Body Parts Plugin Setting cross site scripting