CVE-2026-14738
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash.
It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult.
The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
- No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NATT&CK techniques
2Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
▤ Build a SIEM detection for these techniquesCAPEC attack patterns
9Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.