CVE-2026-7597
MEDIUM · 6.3 · EPSS 0.1%
Real vuln with public exploit and vendor patch, but automated feed chatter only; no KEV, no in-the-wild confirmation.
What: Unsafe deserialization vulnerability in mem0ai mem0 vector store (FAISS) via pickle.load/dump in versions up to 1.0.11; remote exploitation possible; CVSS 6.3 MEDIUM.
Why it matters: Public exploit available and patch issued (commit 62dca096f9236010ca15fea9ba369ba740b86b7a) within 24 hours of publication. Deserialization via pickle is a known remote code execution vector. Not yet KEV-listed, but rapid vendor response and public PoC indicate active research interest rather than speculative coverage.
Where it's seen: Automated CVE feeds (CVEnew, VulmonFeeds, infoflowcloud) echoing NVD description; no independent researcher analysis, no defender triage reports visible in top posts.
RISK: ELEVATED — Unsafe deserialization with public PoC; medium CVSS; patch available but adoption unknown.
Public PoCs on GitHub 1 repo
- getquoteonline/NSNPartLookup.com-Lookup-Order-NSN-NIIN-Cage-Code-Parts ★ 0
NSNPartLookup.com – Lookup & Order NSN, NIIN, Cage Code Parts
Articles & coverage 5 articles
- CVE-2026-7597 - Exploits & Severity - Feedly
CVE-2026-7597. A deserialization vulnerability was found in mem0ai mem0 up to version 1.0.11, specifically affecting the pickle.load/pickle.dump functions in the mem0/vector_stores/faiss.py file. Successful exploitation could lead to: - Unauthorized access to sensitive data (low confidentiality impact) - Unauthorized modification of data (low integrity impact) - Denial of service conditions (lo
- CVE-2026-7597 | Tenable®
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file
- CVE-2026-7597 — Deserialization of Untrusted Data in Mem0 | dbugs
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector stores
- NVD - CVE-2026-7597
Weakness Enumeration (source: VulDB): CWE-20 Improper Input Validation; CWE-502 Deserialization of Untrusted Data.
- The most severe Linux threat to surface in years catches the world ...
Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices. The vulnerability and exploit code that exploits it were released Wednesday evening by researchers from security firm Theori, five weeks after
NVD details: 2 CWE · 0 vendors · 7 refs
Description
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
Top posts driving the trend
- @VulmonFeeds (X) · 5/2/2026
CVE-2026-7597 Unsafe Deserialization in mem0ai mem0 Up to 1.0.11 via Pickle https://t.co/hmFEBPaNhL
♥ 0 · ↻ 0 · 💬 0
- @cve.skyfleet.blue (Bluesky) · 5/1/2026
CVE-2026-7597 - mem0ai mem0 faiss.py pickle.dump deserialization CVE ID : CVE-2026-7597 Published : May 1, 2026, 9:15 p.m. | 1 hour, 4 minutes ago Description : A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of th...
♥ 0 · ↻ 0 · 💬 0
- @infoflowcloud (X) · 5/1/2026
🚨*CVE* CVE-2026-7597 A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulat… https://t.co/fA1bckYbrG ----- Traducción: CVE-2026-7597 Se … https://t.co/utmtNgl3sv
♥ 1 · ↻ 0 · 💬 1
- @CVEnew (X) · 5/1/2026
CVE-2026-7597 A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulat… https://t.co/uMGJ8rJ47n
♥ 2 · ↻ 1 · 💬 1