mem0ai mem0 faiss.py pickle.dump deserialization_CVE-2026-7597

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.

Basic Information

ID CVE-2026-7597

Source VulDB

Published May 1, 2026 at 21:15

Affected Product

Vendor mem0ai

Product mem0

Version 1.0.0

Affected Versions mem0ai mem0 1.0.0
mem0ai mem0 1.0.1
mem0ai mem0 1.0.2
mem0ai mem0 1.0.3
mem0ai mem0 1.0.4
mem0ai mem0 1.0.5
mem0ai mem0 1.0.6
mem0ai mem0 1.0.7
mem0ai mem0 1.0.8
mem0ai mem0 1.0.9
mem0ai mem0 1.0.10
mem0ai mem0 1.0.11

CWE Classification

CWE-502 CWE-20

References

{
    "lastseen": "",
    "description": "A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.",
    "published": "2026-05-01T21:15:11.399Z",
    "modified": "2026-05-01T21:15:11.399Z",
    "type": "cve",
    "title": "mem0ai mem0 faiss.py pickle.dump deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360550\nhttps://vuldb.com/vuln/360550/cti\nhttps://vuldb.com/submit/805562\nhttps://github.com/mem0ai/mem0/issues/3778\nhttps://github.com/mem0ai/mem0/pull/4833\nhttps://github.com/mem0ai/mem0/commit/62dca096f9236010ca15fea9ba369ba740b86b7a\nhttps://github.com/mem0ai/mem0/",
    "id": "CVE-2026-7597",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "mem0ai mem0 1.0.0\nmem0ai mem0 1.0.1\nmem0ai mem0 1.0.2\nmem0ai mem0 1.0.3\nmem0ai mem0 1.0.4\nmem0ai mem0 1.0.5\nmem0ai mem0 1.0.6\nmem0ai mem0 1.0.7\nmem0ai mem0 1.0.8\nmem0ai mem0 1.0.9\nmem0ai mem0 1.0.10\nmem0ai mem0 1.0.11",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mem0",
    "version": "1.0.0",
    "vendor": "mem0ai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}