Improper Resource Shutdown or Release Affecting dask package, versions [0,]


Severity

Recommended
0.0
low
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.29% (21st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-DASK-17138893
  • published3 Jun 2026
  • disclosed3 Jun 2026
  • creditUnknown

Introduced: 3 Jun 2026

CVE-2026-10705  (opens in a new tab)
CWE-404  (opens in a new tab)

How to fix?

There is no fixed version for dask.

Overview

dask is a Parallel PyData with Task Scheduling

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the compute_hll_array() function in the HLL Handler component. An attacker can cause excessive resource consumption by remotely invoking this function with crafted input, potentially leading to degraded service availability.

CVSS Base Scores

version 4.0
version 3.1