Medium severity6.3NVD Advisory· Published May 1, 2026· Updated May 5, 2026
CVE-2026-7597
CVE-2026-7597
Description
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mem0aiPyPI | < 2.0.0b2 | 2.0.0b2 |
Affected products
1Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-xqxw-r767-67m7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-7597ghsaADVISORY
- github.com/mem0ai/mem0/commit/62dca096f9236010ca15fea9ba369ba740b86b7anvdWEB
- github.com/mem0ai/mem0/issues/3778nvdWEB
- github.com/mem0ai/mem0/pull/4833nvdWEB
- vuldb.com/submit/805562nvdWEB
- vuldb.com/vuln/360550nvdWEB
- vuldb.com/vuln/360550/ctinvdWEB
News mentions
0No linked articles in our index yet.