CNNVD-202601-2742 Information

CNNVD ID

CNNVD-202601-2742

Related CVE

CVE-2026-23528

• CNNVD Published: 2026-01-16

Description (Chinese)

Distributed是dask开源的一个分布式任务调度器。 Distributed 2026.1.0之前版本存在安全漏洞，该漏洞源于Dask仪表板中存在跨站脚本错误，可能导致通过钓鱼URL执行代码。

Description (English)

Distribued is a distributed task scheduler for the dask open source. There was a security loophole in the previous version of Distributed 2026.1.0, which resulted from a cross-site script error on the Dask dashboard, which could lead to enforcement of the code through the fishing URL.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Dask

Published

2026-01-16

Last Modified

2026-02-24

References

https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa https://github.com/dask/distributed/security/advisories/GHSA-c336-7962-wfj2 https://access.redhat.com/security/cve/cve-2026-23528

Patch

https://distributed.dask.org/en/stable/