CVE-2026-7597

Summary

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.

Affected Software

VendorProductVersion RangeStatus
mem0aimem01.0.0affected
mem0aimem01.0.1affected
mem0aimem01.0.2affected
mem0aimem01.0.3affected
mem0aimem01.0.4affected
mem0aimem01.0.5affected
mem0aimem01.0.6affected
mem0aimem01.0.7affected
mem0aimem01.0.8affected
mem0aimem01.0.9affected
mem0aimem01.0.10affected
mem0aimem01.0.11affected

Weaknesses

  • CWE-502: Deserialization
  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References